User Profile for ramcito

User Name ramcito

Member Since 2008-06-20

Total number of Feedback Posts: 1

Total number of comments: 3

Last 10 Feedback Posts by ramcito

DV Backup 1.4.2 (Mac OS X)

DV Backup has the potential to be spyware.  

(To maintain the privacy of users, and abide by versiontracker submission guidelines, all third party emails and links have been obfuscated. I'd like to thank the editors at versiontracker for the help they provided in getting this review compliant with their guidelines).

Upon startup, this program downloads a file called "monitor.txt" from http://web.onetel.com/*******/monitor.txt. That file is now gone, but at the time of the original review being written the file contained the following entries:

    w***@m***.com 0 -
    d***@aol.com 1 -
    r***@aol.com 0 -
    b***@yahoo.com 0 -
    f***@mac.com 0 -
    m***@gmail.com 1 -
    m***@c***.net 0 -
    o***@m***.com 0 -
    c***@a***.com.br 2 http://web.onetel.com/*****/find.sh
    a***@tin.it 1 -
    k***@h***.com 0 -
    g***@triad.rr.com 0 -
    b***@silly.com 0 -
    s***@t***.com 0 -

What is interesting is that for certain users, the vendor can execute arbitrary scripts on their machines. For example, if we check the contents of find.sh as shown above, we see the following:

    #! /bin/tcsh
    find "/Volumes/MacOS 9.2.2" -name \*DVBackup\* -print > /dev/console

This script searches a user's machine for the vendor's product. He could conceivably execute or install any type of software.

My final comment is about the interaction I've had with the developer. I have purchased a license of this software and to this day I cannot run the software in a licensed manner. Additionally, because of my desire to publish this review the vendor will no longer respond to emails.

3 of 4 users found this helpful

Wednesday, July 09 2008 @ 06:23 PM PDT

Last 10 Comments by ramcito

Response from the developer...  

You are right to be concerned because: 1) The connection you saw is used to download lists of users that aren't authorised to run the software anymore. 2) Through DNS spoofing, other hijacking methods or simply if the developer wishes it, your computer can be forced to execute arbitrary code. 3) My previous review describes this behaviour in 1.4.2 and apparently it hasn't changed in 1.4.3. I have never used this software successfully and I encourage all prospective…

Wednesday, October 15 2008 @ 02:00 PM PDT

Response from the developer...  

1) Your software phones home to download lists of users that aren't allowed to run your software any more. 2) It is possible through DNS spoofing and a variety of other methods for the average user to have his machine hijacked. 3) I have never successfully used your software, and I encourage all users looking at this software as prospective buyers to look elsewhere for all the reasons I mention in my review.

Wednesday, October 15 2008 @ 01:50 PM PDT

Response from the developer...  

I am not surprised at your reaction to the behaviour of the software. The developer states that this connection is a measure to stop illegal use of his software. While it may achieve that purpose, it also exposes you to a variety of security issues. The question you have to ask yourself is if you want software whose stated purpose is to perform backups onto DV cameras executing arbitrary processes on your system in the…

Wednesday, October 15 2008 @ 01:41 PM PDT