Backdoor in 'Free PHP Directory Script' ?

[Jazzee]

You can't be serious

[John Scott]

It's just in the free script. I think he's be stupid if he didn't have a back door in. People could take his script, remove the copyright and sell it as their own.

[Jazzee]

It's perfectly okay... if he tells you first.

[John Scott]

Quote:

Originally Posted by Jazzee

It's perfectly okay... if he tells you first.

Huh.... But then wouldn't they be able to find the back door and remove it, and sell his script as their own?

[I, Brian]

I gather this isn't in the full paid for version, then?

[John Scott]

Quote:

Originally Posted by I, Brian

I gather this isn't in the full paid for version, then?

No, just in the free version.

[awall19]

Quote:

Originally Posted by JohnScott

Huh.... But then wouldn't they be able to find the back door and remove it, and sell his script as their own?

you still can anyway right now? what prevents me from doing that right now. now he just gets free negative press

[awall19]

Quote:

Originally Posted by JohnScott

I fail to see how it could be wrong.

if somebody hacks his database to get your password and then hacks your stuff then it sucks to be you.

[John Scott]

I've worked a lot with the guy, and he's always been very professional, fast and polite. He's a great guy, IMO.

[JayM]

I think to put a backdoor in and not tell people isn't a good thing. (Thats if he's not telling people?)

Any kind of backdoor is a potential security risk -

I don't think anyones judging him for him to offer to send the script without the backdoor to anyone who wants it shows hes a genuine good guy who only wants to be credited for his work.

[awall19]

Quote:

Originally Posted by JohnScott

He's a great guy, IMO.

I am not saying he is a good or bad guy.

he has been rather quick whenever I needed to contact him (in fact I have contacted him recently and he was really fast).

so far he has had to use that backdoor once (by his own admission) and by him collecting that data how many people has he put at risk?

0? maybe, but we do not know what happens with the data after he collects it and for him to throw an egg in all of them is completely bogus IMHO.

if you sell stuff online you need to account for a small amount of fraud. to get even with one or two potential thieves is not a legit excuse / reason to put an egg in the program.

why not tell the people who send him $50 about the egg.

again, extremely bogus. nothing more, nothing less.

[awall19]

Quote:

Originally Posted by JohnScott

It's just in the free script.

when you pay the $50 the egg is still in the software and he does not inform you about it.

[ssgupta]

Quote:

It's just in the free script. I think he's be stupid if he didn't have a back door in. People could take his script, remove the copyright and sell it as their own.

Quote:

I've worked a lot with the guy, and he's always been very professional, fast and polite. He's a great guy, IMO.

A backdoor in the form of image may be okay to monitor installations, but getting passwords in this manner is certainly illegal. Beacsue Biz Directory have had others using their script in an illegal manner, doesn't gives them right to harvest our passwords. Someone's house was broken-in, so start breaking-in others' houses.

Being porefessional fast and polite doesn't exempt them to comply with ethical and legal requirements.

[Jazzee]

Quote:

Originally Posted by JohnScott

I've worked a lot with the guy, and he's always been very professional, fast and polite. He's a great guy, IMO.

He very well may be a "great guy", but that doesn't excuse the fact that what he is doing is wrong.

[John Scott]

Quote:

Originally Posted by Jazzee

He very well may be a "great guy", but that doesn't excuse the fact that what he is doing is wrong.

Okay. Whatever.

[Shawn]

What he is doing IS wrong. I'm no lawyer, but it sounds like a violation of various laws. For one invasion of privacy. Passwords are for the users only,and security experts all agree that many users use the same passwords for everything...online banking, school websites...etc..it really opens some bad doors...him having access to a user's password.

[ssgupta]

Extracts from messages exchanged with Biz Directory:

Me: The image may be okay to monitor installations but harvesting passwords - it's called "phishing" on the web.

Them: We do not get any personal information from the users, of course not the password. The referrer, being a post form, does not include the data submitted. We only get the installation url.

Me: And this kind of treatment to paying clients?

Them: We have not used this against any legal user, and of course we will not do it ever. You talk about ethics, but precisely we made this addition to fight unethical (and illegal) acts. You can call it what you will, but you as a legal user have not been harmed and never will be harmed. I've just uploaded also this clean copy to the site, so new downloads will not include these features. Many programmers are opting now for remotely hosted scripts, so they can cancel fraudulent accounts unilaterally. This was quite similar. Maybe non-programmers can't understand these concepts and in any case it's almost funny (if it was not frustrating) how many of the people who is complaining in forums are in fact ilegal users of the script...

However we will not take actions anymore, we prefer not to have anoyed customers though we have to bear abuses from other people.

[John Scott]

If it's a big deal, there are other scripts out there to use.

[ssgupta]

Wish had known earlier. Certainly would not have gone for it.

[MarketingLady]

John, the code passing the PW to biz-d. is violating credibility; it is a matter of privacy policy and not of protection of the creator.
If somebody doesn't want his scripts go around through the whole internet, he has to compile them !
Credibility of people inserting backdoors in free scripts is not huge, even if they are good professionals. In my eyes, there is no argument for hidden survey insertion. Again: it's not a matter of distributing this script and charge for this service, it's a matter of violating privacy !

Greets