lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 6 Jun 2006 01:09:44 +0200
From: Ronald van den Blink <ronald@...urityview.org>
To: bugtraq@...urityfocus.com
Subject: Re: [Info Disclosure] Diesel PHP Job Site Latest Version


In response of the DieselScripts reaction we have contacted them and  
told them we should write an article about them and their way of  
working. They came up with the same reason why they use these  
phonehomeprocedure and some shocking details about the way they use  
it. At the end we've got them to remove the phonehomeprocedure ;) The  
article itself is at

http://www.securityview.org/dieselscripts-or-how-a-small-company-is- 
making-the-errors-a-big-one-cant.html

With regards,

Ronald van den Blink
SecurityView.org

On 31 May, 2006, at 15:20, John F Flynn III wrote:

> As a systems administrator, I must say that your methods are  
> unacceptable. You are violating your customers' trust by doing this  
> without their knowledge. You even made an effort to hide the code  
> that sends the information! This is outright deceit and should not  
> be tolerated by anyone.
>
> Regardless of your motives, this deceitfulness must be exposed for  
> all to know about.
>
> Perhaps you should trust your customers more. As word of this gets  
> out, you are likely to have a lot fewer of them. I just feel sorry  
> for those who do not find out in time and have their systems  
> compromised because login credentials and other information were  
> sent clear-text over the Internet.
>
> -John
>
> support@...selscripts.com wrote:
>> Hello,
>> To explain this to all visitors, the information is used to  
>> prevent any unauthorized copies from running on the web.
>> All of the php developers that sell products online use this  
>> method or even more methods.
>> Please stop making such a big deal out of this because it's our  
>> way of protecting our work and business.
>> Thank you for understanding !
>> DieselScripts Staff
>> www.dieselscripts.com
>
> -- 
> John Flynn                              flynnj@...fiu.edu
> =========================================================
> Systems and Network Administration             /\_/\
> School of Computer Science                    ( O.O )
> Florida International University               >   <

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ