mailing list archives
Re: Response from FTPPro
From: mailing-lists () CEDRIC NET (Cedric Amand)
Date: Wed, 2 Feb 2000 23:34:45 +0100
I think we're reaching the Twilight zone, so I'll be brief but
there are blatent errors in this email.
F> *** FTPPro does NOT glean Passwords. ***
Your email included the login that the user entered in your program.
This is a fact. This login is a valid Skynet customer login.
This has nothing to do with you site or your registration stuff.
This user used your software to access his web page, using
this particular login. By no means on earth should you be aware of
what FTP logins your users enter when they use your FTP program.
Your email (my post on bugtraq) submitted me not only with his
login, but the host he was connecting to, and the IP he was from.
All of this using your program.
How the hell were you aware of these ?
Answer to this simple question would clarify the debate, otherwise, I
keep saying your program sent this information to your offices, which
is maybe a feature to protect your intellectual property, but also a
security concern for some system administrators, and the Bugtraq
mailing list is meant for such concerns.
F> It should be noted that the person who originally posted the complaint
F> against our program is an active user of warez sites.
The person who posted the informative email (aka complaint) is me,
system administrator for a nationwide ISP.
F> Many damaging viruses have been spread by these illegal warez programs.
I just snip the rest. hallucinating.
--< Cédric "Ced" Amand >---< Security Manager & Unix Sysadmin >--
--< http://cedric.net/ >---< @ Skynet - http://www.skynet.be/ >--