Re: Pirated WebCat? NOT...

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 49765
interpreted = N
texte = Well this little story just convinced me NOT to upgrade to 5.0 and I'm thinking to switch to a different platform alltogether.------------------------On vrijdag, 25 april 2003, Kenneth Grome wrote: >>Something that also bothers me is the apparent ability that Smith Micro has >>to retrieve the Serial number from my server. . .what else can you retrieve? >>If you can get this, can you read database files and decrypt credit card >>numbers too? Let me know and try to convince me that you >can't. . . > > >They *CAN* retrieve any piece of information that is accessible to >any webdna code on the server! > >All they have to do is put an internally hard-coded tcpconnect >context into the webdna engine code, along with the related code that >looks inside the files stored on the server, and then webdna can >traverse your entire folder hierarchy and grab any piece of >information it finds there, then send it to who knows where? > >To SMSI's server? >To someone else's server? > >Yes of course this means that the credit cards, which are already >stored unencrypted in webdna's plan text cart files and webdna >database files, are potential targets of 'secret acquisition' by >Smith Micro ... or worse. > >What could be worse? > >Well, possibly a disgruntled employee (or former employee) who has >written portions of webdna's internal code, possibly adding his own >little data grabbing snippets that deliver our customer's credit >card data to his server, even without the knowledge of others at SMSI >... :( > >My question is not so much whether the company as a whole is honest >enough to be trusted to allow this kind of internal data gathering >capability to exist. Because personally I have never trusted them >after they (PCS) promised me 50% of the revenues from the sales of >Typhoon (which I developed with them) only to learn later that they >would go back on their promises and cut me out of the deal. This >illustrates a clear lack of integrity for which I have no respect >whatsoever. > >And of course their repeated attempts to bully me into giving them my >webdna.net domain when I was the first to register it and when I >owned it long before they ever managed to get a trademark on the >webdna character string, that is yet another unethical behavior by >a company who seems to think we own them our trust. > >But regardless of these issue which I have personally had with >PCS/SMSI over the years, I cannot help wondering just how many truly >trustworthy people actually worked on webdna's engine code? > >Or how many not-so-trustworthy people may have had an opportunity to >slip in their own versions of a 'secret data grabbing' feature that >is completely unknown to the SMSI management??? > >My feeling, based partially on my own experiences in dealing with >this company and its predecessor, is that SMSI could easily have >treated their own people with the same kind of disrespect they have >shown me over the years. And this kind of treatment can cause really >some people to feel, shall we say, less than happy about SMSI's >treatment of them -- and possibly even vengeful. > >It wouldn't take much tweaking in the engine code by someone who >doesn't like the fact that he didn't get his promised raise last year >to create a very serious threat to the security of any site running >any version of WebDNA with this code in it. > >Because of these issues, I feel that there is no possible way that >SMSI will ever convince me that they can be trusted. I have >personally had far too many bad experiences with them. It is only >their word that we have to rely on, and that's what I continue to >find unbelievable. > >I mean, does *anyone* really believe that they were NOT trying to >sneak this feature into the software? > >I'm sorry but I simply do not believe that when this kind of >'feature' is added to software that never used to be able to do such >a thing, it is a BIG DEAL! And if the company were truly an ethical >company it would make every effort to report and explain this new >feature immediately, in CAPITAL LETTERS, so everyone would be able to >rest assured that they were not trying to hide it. > >Correct me if I'm wrong here, but I don't think that this is what >SMSI did ... :( >-- > >Sincerely, >Kenneth Grome >------------------------------------------------------------- >My programmers will write WebDNA code for you at $27 an hour! >------------------------------------------------------------- > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Pirated WebCat? NOT... (Bonkers 2003)
  2. Re: Pirated WebCat? NOT... (Dan Strong 2003)
  3. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  4. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  5. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  6. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  7. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  8. Re: Pirated WebCat? NOT... (Jeff Logan 2003)
  9. Re: Pirated WebCat? NOT... (Jay Van Vark 2003)
  10. Re: Pirated WebCat? NOT... (Kimberly D. Walls 2003)
  11. Re: Pirated WebCat? NOT... (Karl Schroll 2003)
  12. Re: Pirated WebCat? NOT... (Phillip Bonesteele 2003)
  13. Re: Pirated WebCat? NOT... (Joe D'Andrea 2003)
  14. Re: Pirated WebCat? NOT... (Doug Deck 2003)
  15. Re: Pirated WebCat? NOT... (Donovan 2003)
  16. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  17. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  18. Re: Pirated WebCat? NOT... (marc@kaiwi.com (Marc Kaiwi) 2003)
  19. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  20. Re: Pirated WebCat? NOT... (Pat Holliday 2003)
  21. Re: Pirated WebCat? NOT... (Claude Gelinas 2003)
  22. Re: Pirated WebCat? NOT... (Daniel Schutzsmith 2003)
  23. Re: Pirated WebCat? NOT... (Bob Minor 2003)
  24. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  25. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  26. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  27. Re: Pirated WebCat? NOT... (Nitai @ ComputerOil 2003)
  28. Re: Pirated WebCat? NOT... (Rene van der Velde 2003)
  29. Re: Pirated WebCat? NOT... (Kenneth Grome 2003)
  30. Pirated WebCat? NOT... (Rob Blair 2003)
Well this little story just convinced me NOT to upgrade to 5.0 and I'm thinking to switch to a different platform alltogether.------------------------On vrijdag, 25 april 2003, Kenneth Grome wrote: >>Something that also bothers me is the apparent ability that Smith Micro has >>to retrieve the Serial number from my server. . .what else can you retrieve? >>If you can get this, can you read database files and decrypt credit card >>numbers too? Let me know and try to convince me that you >can't. . . > > >They *CAN* retrieve any piece of information that is accessible to >any webdna code on the server! > >All they have to do is put an internally hard-coded tcpconnect >context into the webdna engine code, along with the related code that >looks inside the files stored on the server, and then webdna can >traverse your entire folder hierarchy and grab any piece of >information it finds there, then send it to who knows where? > >To SMSI's server? >To someone else's server? > >Yes of course this means that the credit cards, which are already >stored unencrypted in webdna's plan text cart files and webdna >database files, are potential targets of 'secret acquisition' by >Smith Micro ... or worse. > >What could be worse? > >Well, possibly a disgruntled employee (or former employee) who has >written portions of webdna's internal code, possibly adding his own >little data grabbing snippets that deliver our customer's credit >card data to his server, even without the knowledge of others at SMSI >... :( > >My question is not so much whether the company as a whole is honest >enough to be trusted to allow this kind of internal data gathering >capability to exist. Because personally I have never trusted them >after they (PCS) promised me 50% of the revenues from the sales of >Typhoon (which I developed with them) only to learn later that they >would go back on their promises and cut me out of the deal. This >illustrates a clear lack of integrity for which I have no respect >whatsoever. > >And of course their repeated attempts to bully me into giving them my >webdna.net domain when I was the first to register it and when I >owned it long before they ever managed to get a trademark on the >webdna character string, that is yet another unethical behavior by >a company who seems to think we own them our trust. > >But regardless of these issue which I have personally had with >PCS/SMSI over the years, I cannot help wondering just how many truly >trustworthy people actually worked on webdna's engine code? > >Or how many not-so-trustworthy people may have had an opportunity to >slip in their own versions of a 'secret data grabbing' feature that >is completely unknown to the SMSI management??? > >My feeling, based partially on my own experiences in dealing with >this company and its predecessor, is that SMSI could easily have >treated their own people with the same kind of disrespect they have >shown me over the years. And this kind of treatment can cause really >some people to feel, shall we say, less than happy about SMSI's >treatment of them -- and possibly even vengeful. > >It wouldn't take much tweaking in the engine code by someone who >doesn't like the fact that he didn't get his promised raise last year >to create a very serious threat to the security of any site running >any version of WebDNA with this code in it. > >Because of these issues, I feel that there is no possible way that >SMSI will ever convince me that they can be trusted. I have >personally had far too many bad experiences with them. It is only >their word that we have to rely on, and that's what I continue to >find unbelievable. > >I mean, does *anyone* really believe that they were NOT trying to >sneak this feature into the software? > >I'm sorry but I simply do not believe that when this kind of >'feature' is added to software that never used to be able to do such >a thing, it is a BIG DEAL! And if the company were truly an ethical >company it would make every effort to report and explain this new >feature immediately, in CAPITAL LETTERS, so everyone would be able to >rest assured that they were not trying to hide it. > >Correct me if I'm wrong here, but I don't think that this is what >SMSI did ... :( >-- > >Sincerely, >Kenneth Grome >------------------------------------------------------------- >My programmers will write WebDNA code for you at $27 an hour! >------------------------------------------------------------- > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Rene van der Velde

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Bad suffix error (1997) NT Version on IIS 4.0 (1997) Hiding HTML and page breaks (1997) MacAuthorize (1999) Time for a hard questions. (1997) encryption madness (2003) Applescript Hack (1996) reading a email (2000) OT: Collaborative Browsing (2000) Showif Context combined with Search (1997) Trouble with formula.db (1997) hiding return characters (2000) can WC render sites out? (1997) Runtime version ... (2003) NetSplat and WebCat2 (1997) Re:no [search] with NT (1997) (thx) automating a POST (2002) [WebDNA] Error: Can't open order file. Ignoring [OrderFile] context Error: Error: expected [/APPLICATION], but found [/!] instead[/!] (2011) WebCat2 - [include] tags (1997) Navigator 4.0 & tables (1997)