Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

DotNetNuke Marketplace
  Ads  
Aspose - The .NET & Java component publisher
 


  Sponsors  

Meet Our Sponsors

Salaro -- Skins and more
OnyakTech
CrystalTech Web Hosting™
Webhost4life, specialists in DNN hosting
Mad Development is a full service interactive agency focusing on the merge of design, technology, e-commerce, and affiliate marketing by providing total website solutions.
SteadyRain
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  PowerDNN: Put up or shut up
Previous Previous
 
Next Next
New Post 5/23/2008 10:38 AM
User is offline Alex Shirley
2189 posts
5th Ranked




Re: PowerDNN: Put up or shut up 

I can't freeze this post, but I would strongly recommend everybody stick to the thread (URL below) for further comment, to save everybody repeating themselves:

http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/118/threadid/228767/scope/posts/Default.aspx

Well might as well promo one of my DNN sites as I'm here: http://www.snasty.co.uk
 
New Post 5/23/2008 10:52 AM
User is offline Charles Nurse
2915 posts
5th Ranked










Re: PowerDNN: Put up or shut up 

 Joe Brinkman wrote

Also, because these vulnerabilities have existed for a couple of years there was no reason to create a panic in the community.  Prior to this there is no evidence that anyone had discovered much less exploited these vulnerabilities even though numerous audits by professional security organizations and governments had been performed.  Delaying notification until the DotNetNuke team had a chance to create a patch would not have jeapardized their own customers and would have kept the rest of the community safe until a permanent fix could have been distributed.

Just to emphasise Joe's point here - the two isses identified by PowerDnn have existed for (1) 18 months at least and (2) since September 2004, and have NOT ever been reportd as being taken used to target a site. 

Therefore the case that this "panic" was neccessary is spurious - it could have been fixed within 24-48 hrs without raising this panic if PowerDNN had followed normal industry-standard security practices.

No-one here is saying that PowerDNN's service is not excellent - Ed is obviously happy with his service - and his testimonial is front and center on their home page. 

The issue here is the un-professional response shown by PowerDNN in panicking the community with:

  1. an unneccessary email blast to its clients 24 hrs before releasing the information to the Security alias - its the timing that is the problem - taking advantage of the issue before reporting it through the appropriate channels
  2. a blatant (at least to many people on these forums) attempt to make money from the community with the Security Scanner tool  and
  3. the Press Release mentioned above - which was not neccessary and again promotes PowerDNN as being the white knight that saved DotNetNuke, rather than the Company that caused the scare.

I have attempted to give them the benefit of the doubt - as you can see by my comments on other threads, but so-far PowerDNN have done nothing to justify that and my respect for them is fast disappearing.

Tony has my IM and has not been reluctant to use it when he wants me to provide him with free advice - the least he could have done would have ben to IM me and let me know they had found an issue.

Charles Nurse
DotNetNuke Trustee,
Senior Architect, DotNetNuke Coporation
 MVP (ASP.NET) and
ASPInsiders Member
View my profile on LinkedIn
See my Blog for Articles on .NET, DNN and Module Development

View my Blog
 
New Post 5/23/2008 11:17 AM
User is offline Carlos Rodriguez
526 posts
www.almacigo.com
8th Ranked


Re: PowerDNN: Put up or shut up 

PowerDNN is not greedy for money, $20.00 a pop is not going to make anybody rich, but their greed for PR severely clouded their judgement...

The need for fame and recognition is what got them...

Interesting case, whose gonna put together the case study/article/press release on how NOT to handle a zero-day vulnerability finding???

They are going to be known and famous after all...

 

 
 
New Post 5/23/2008 11:28 AM
User is offline Joe Brinkman
1332 posts
www.dotnetnukecorp.com
6th Ranked






Re: PowerDNN: Put up or shut up 

Carlos,

  The article on how to handle the issue was already posted 2 days ago - http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1839/Default.aspx

Joe Brinkman
DotNetNuke Corp.

The Accidental Geek - Joe Brinkman
 
 Page 3 of 4Previous1234Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  PowerDNN: Put up or shut up
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


DNN Outsourcing
50% more affordable services comparing to Western Europe and US: Custom DotNetNuke module development, skins, consulting, maintainence... Over 15.000 working hours of experience in custom DotNetNuke Solutions development, 8 years experience in outsourcing, excellent references!
www.dnnoutsourcing.com 		Expressnet - DotNetNuke Hosting
Expressnet provide premium quality ASP.NET Web Hosting. We specialise in Windows based products including ASP.NET and Microsoft SQL Server. We offer fantastic value packages for DotNetNuke hosting. We also offer free asp.net web hosting
www.expressnet.com.au 		Softech Development, Inc.
We help your business work smarter with DotNetNuke. Whether you need a new implementation, a custom module or skin for an existing implementation, or integration with your business processes, Softech has the experience and expertise to make it happen.
www.softechdevelopment.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP