[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available

You know what burns me, is when he announced that
pkg to the list he never mentioned anything about
the spyware in the pkg.

He just simply gave a URL to the package, not his site,
in his email here.  

He should have just gave a link to the site where the pkg
was so we could read the warning about the embedded 
spyware.    I just went to the link of the pkg and downloaded
the pkg, never aware of any spyware.

I will think twice about getting something from him in the 
future!

Joe

Message: 1
From: "cbtrussell" <cbtrussell@xxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] Unofficial PHP 4.1.2 PKG available
Date: Sun, 3 Mar 2002 19:58:24 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

> well, if this is detailed information or not is to be argued about. But
> well, yes. It is phoning home so that I'm able to track the spreading of
> the package.

Busted.

> And now tell me which information in
> this e-mail is sensitive to your privacy?!

I would be very upset if I installed a piece of software that sent the
author the address of my machine, as well the kernel info enclosed below. I
think it's sneaky and ill-advised at BEST.  The worst part is your failure
to disclose the spyware prior to being caught red-handed, which speaks
volumes about your ethics. Is there a sinister motive here? I honestly doubt
it, but even so, you can bet I won't ever be installing any pkg's from your
site.

Michael - how did you notice the message home? Nice work. And BTW, you owe
me an email!

Brandon


--__--__--

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security


End of cobalt-security Digest