Jump to content

Inappropriate Actions Regarding the Security Topic


Jig

Recommended Posts

This is in regard to the security post made here:

Why was this thread locked? This is a very relevant discussion for people using your product. I understand that the thread also contains personal matters. Please make a post acknowledging these security issues, or make a new sub-forum for users to discuss them among themselves. Security issues are absolutely on-topic, and the concerns posted by @livelace and @eth0 are valid. If you do not take interest in the issues researched by @Patrick Kolla-ten Venne, I fear that a malicious entity may. Please do not silence this matter; this is of high importance to us as daily users of your software.

Link to comment
Share on other sites

Oh boy, I didn't know they closed the thread. Now I go there to see why and the only response from the Symless staff is to say that @Patrick Kolla-ten Venne's account was refunded and that's why it didn't have access anymore. No word about the security issues at all.

Let's leave aside the fact that looks pretty weird for a long-term customer with an existing license for Synergy 1 that has submitted a 30 page security review to request a refund immediately and close the door on any further discussion on the issues, so I have to wonder why would you guys refund him without him even asking for it. But as I said, let's not focus on that. For all I know, he might have requested a refund and you complied.

Now, in the other thread I said the radio silence from Symless about the security issues was scary, and @Patrick Kolla-ten Venne's allegations about your negative response and refusal to address them looked like shady practices on Symless' part, but I tried not to make assumptions and wait for your official response about the matter.

And then you go and lock the thread without so much as a “we'll open an official thread very soon”! Way to address the issues, guys! O.o

Certainly doesn't look like sweeping it under the rug now, does it?

  • Like 1
Link to comment
Share on other sites

Patrick Kolla-ten Venne

Thanks for raising this :)

Meanwhile, just in case they were thinking this to be a hoax, I posted a rough description of an attack vector and one weak part in Synergy here. One week without a reply, but I hope they're going to address the issue in the background.

You can also view the work in progress document at https://download.spybot.info/Reviews/Synergy2/Security Review Synergy2.pdf . I haven't updated this within the past week, there's still some stuff to add, and it covers the spyware issue more than the security issue, because under industry standards (ASC definitions), it would have to be regarded as such.

 

  • Thanks 1
Link to comment
Share on other sites

It's unbelievable, security recommendations and exhaustive report were ignored. Those things cost money, but in this case they just were ignored. It's unacceptable in modern world to just close eyes to threats and keep silence !

I did the right chose when turned off Synergy everywhere. I need to back to Nomachine until Synergy someday will fix all flaws.

PS. Patrick Kolla-ten Venne, thank you for you work!

 

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...