G-Archiver Pulls Their Software From Distribution

Wednesday, March 12, 2008 by Mistlee



By Dan Morrill

G-Archiver, the software that was previously caught by Coding Horror and blogged about here, has pulled the version of the software that captures user credentials and e-mails them to Google. The time from its discovery by Coding Horror on the 7th to this morning, when the tainted version was pulled, is about 5 days.

While five days is not a bad response time for a company, the stated reason the code was there in the first place was that it was debug code.

This debug code should never have passed any form of internal QA.

Using a Gmail account as a debug system further calls the "debug story" into doubt. I have never known a company to use Gmail for debugging purposes on a chunk of standalone software. While G-Archiver does work with Google, the story just does not ring true: you don't copy and capture user logins and send them to Gmail as a debug process.



This reads more like damage control than anything else. Damage control is valuable to do; the problem is that all this passed QA, and it took an outside researcher to catch the issue. It is as if they never went back and asked themselves, "Did I remove all the debug code?"

There will probably be more on this one. In the longer run, though, never trust software. If you have to trust software, check it out in-house, search Google for it, and find out as many flaws as possible before you go and download it.



About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.


-- EnterpriseSecurityNews is an iEntry, Inc. publication --