|Main Archive Page > Month Archives > full-disclosure-uk archives|
Suppose that acquiring the code requires you to agree to unfavorable terms of service hidden somewhere on the site, including agreeing to future (and possibly unwanted) scans, agreeing to allow the company to plant malware, and indemnification.
IMHO, I think auto454357 raised some valid concerns. As for the auto generated email, he/she used hushmail (instead of yahoo/hotmail/gmail), which tells me the person might not fit your classification.
On Thu, Jan 7, 2010 at 11:16 AM, Robin Sage <email@example.com> wrote:
> This definitely sounds like a clueless federal agent.
> Especially since he uses an autogenerated email address.
> Get with the program........the internet is wide open for people to scan.
> From: Cody Robertson <firstname.lastname@example.org>
> To: email@example.com
> Sent: Thu, January 7, 2010 10:51:14 AM
> Subject: Re: [Full-disclosure] iiscan
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 1/7/10 10:18 AM, firstname.lastname@example.org wrote:
>> So let me see if I got this the right way.
>> You guys are allowing an unknown company to scan for your webapps,
>> being those apps business critical or not. On top of that, the
>> unknown company is based on a country where government supports
>> acts of electronic espionage against other nations, mainly those
>> where you guys are based.
>> Is this correct? or am I missing something?