Network Security Bugtraq

Re: [Info Disclosure] Diesel PHP Job Site Latest Version

Subject: Re: [Info Disclosure] Diesel PHP Job Site Latest Version
Date: Tue, 30 May 2006 19:17:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

"All of the php developers that sell products online use this method"

Uh no, it doesn't work like that, sorry. If the original report is true
and you were receiving the private database passwords etc of your
customers then you are doing something that is negligent, deceiving, and
possibly breaking some laws.

I have worked for a large number of reputable software companies and
their "phone home" scripts usually work like this.

1) The bit that phones home is usually encoded with something like zend
accelerator or ion cube so that it is more difficult to tamper with.

2) When the script phones home it is usually with some sort of license
key, and sometimes includes your domain name and other minor details.

I have reviewed many proprietary code bases that use these phone home
methods, and all of the ones I have seen are harmless, and justified in
the data they are requesting. Never once have I seen a legitimate
application use phone home methods to send database credentials.

Would you please name for us one application that phones home with
credential information?

Kind Regards,

James


support@dieselscripts.com wrote:
Hello,

To explain this to all visitors, the information is used to prevent any
unauthorized copies from running on the web.

All of the php developers that sell products online use this method or even
more methods.

Please stop making such a big deal out of this because it's our way of
protecting our work and business.

Thank you for understanding!

DieselScripts Staff

www.dieselscripts.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
-----END PGP SIGNATURE-----
