
Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available



Hi Andreas,

> Look, I compiled this FREE package for everyone to use, now the only
> thing I do is tracking who used it. Do you think this is a privacy
> violation? I could ask money for it and not give the package to you
> until you sign a contract and give me your full name, including your
> birthday. Is that a deal to you? Well, the only thing that is
> interesting in that e-mail is the kind of hardware people are using, and
> this gives me an idea what kind of system I will expect when I'm doing
> more of those packages.

Ah, I gather you're someone who thinks the best defense is an offense? :o)

Well, this is a list with quite a lot of security-minded people who spend a lot
of their time and efforts to secure their servers. Personally I don't know a
single one who likes to be spied upon. And if so, then they should have the
*choice* to decide if they want that or not.

You don't leave 'em this choice as you slip your spyware into a nicely
wrapped package and betray all those people who install it in good faith.

> Your hostname, by the way, is public anyway as
> everything is public on the web.

Just because something is connected to the web doesn't mean it's public or 
even free for you to take. Furthermore the kernel version gives indications 
about the patchlevel of the machine. So afterwards you'll have a nice list of 
vulnerable servers which you can hit one at a time.

You're Austrian, right? Well, pardon my sarcasm, but heartfelt congratulations
to you: Your software violates Article I, Paragraph 88 and Paragraph 91
section 3 of your national communications law. Ouch.

I'm too lazy to look up the corresponding US law (or the one here in 
Germany), but better don your asbestos underwear.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer