[23519] in bugtraq


SpiDynamics WebInspect - Keeping Track of its Users?

daemon@ATHENA.MIT.EDU (A.S.)
Sat Dec 15 17:50:03 2001

Date: 15 Dec 2001 15:12:26 -0000
Message-ID: <20011215151226.8160.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "A.S." <DB@globalapathy.com>
To: bugtraq@securityfocus.com



                    WebInspect - *Privacy ALERT*

        ------Cut and paste from SpiDynamics Website------
WebInspect, S.P.I. Dynamic's premier product, is the 
most comprehensive network-based web application 
security solution ever designed. It dynamically 
uncovers well-known static security holes, as well as 
security vulnerabilities specific to your own custom 
web applications, working with your existing security 
software to re-enforce and strengthen functionality. 
Using patent-pending logic, WebInspect hones in on 
a new class of vulnerabilities undetected by any other 
scanner currently on the market. 
        ------End cut and paste from SpiDynamics Website------


        Basically it's a vulnerability scanner that you use 
to remotely test your website for potential security 
holes. A demo of it is available for download from the 
SpiDynamics Website 
(http://www.spidynamics.com) for the cost of filling 
out an information form.

        I've come to the conclusion that SpiDynamics is 
keeping track of at least what sites you are scanning 
with their software and possibly much more.  What's 
worse is that there's NO mention of this "Reporting" 
activity on the part of the software in the EULA (End 
User License Agreement) that you must agree to 
before you install their demo of WebInspect.  I'm no 
legal expert, or master hacker... But anyone can see 
that something strange is going on here. And a lead 
developer from their company even admitted to me 
on the telephone that "I had found a Bug".  The thing 
is, that I personally think it's intentional, and not just 
some accidental oversight on their part. It seems to 
me that this is Highly illegal, almost to the point of 
eavesdropping... but like I said I'm no legal expert, you 
be the judge... 
http://www.globalapathy.com/news/default.asp (Read 
full article here)

-DB
