
All articles licensed under a Creative Commons License.
 









Tuesday, May 09, 2006

So many checks, and yet it still went wrong...

I didn't offer my thoughts on the answers given to Wayne Porter by the Yapbrowser people straight away, as I wanted to go off and have a think about what they'd said. Could it be true that they've been shafted by their evil webhosts, forcing lashings of free nastypr0n onto their browsing application?

Well.....

.....strokes chin...

.....has a think........

.....bleh.

It is indeed a possibility - however, the possibility is so slight that you're pushing the envelope of credibility to expect anyone to believe it.

For example:

Porter: Have you received payment from 180Solutions for the Zango downloads you delivered?

Yap's Response: By that time, no more than 5 downloads of my program were made. What payments can we talk about?

I don't know about you, but...

1) I downloaded the application at least two or three times - due to the download corrupting. Then I downloaded once more, shortly after they'd brought their site back online - I wanted to see if it was still functional (it wasn't). Are we including attempted download attempts here too, or just "completed" ones?

2) Andrew Clover downloaded the application and tested it - so, there's another one.

3) Sunbelt wrote about it - presumably, they would've downloaded the application too.

4) McAfee cover the program on their listings here. One more download ftw.

5) Numerous other people - security buffs, "curious" passers-by and God knows who else will naturally want to play with the "latest nasty app" on the shop floor. Happens every time. And I imagine lots of sickos who got wind of the story would've downloaded it as fast as their little illegal pr0n legs would carry them. I even had a few people posting "Where can I get this thing" in my comments - I doubt it would've taken them long to get hold of it.

See?

That doesn't seem like "only five downloads" to me, especially as the site was publicly available. If it "wasn't for public distribution", why on Earth was the site live and ready to roll? It just doesn't make sense. Especially when the site has clearly been shovelling some traffic. Their Alexa rank is 1,235,992, which isn't amazing, but it's hardly the "nobody has seen us, right?" assessment that the Yap guy would have us believe.

I would be curious to hear how many downloads there were of this thing from Zango, or if they can't answer that one, at least how many installs of their Zango software were made via the Yapbrowser application.

Another one...

First of all, they were not my permanent web host company. The sites were kept there temporarily, before the launching of the program for the testing purposes by my employees. If I would have launched the program, I would have bought my own server.

At that time it was not worth to maintain an expensive server because this project was taking too much money, which I am very limited with. The websites were kept at that server for free.

This just doesn't make sense. If you want free web hosting, you can get that from anywhere. If the site's not supposed to be "on public view" in any case, why not just go for some ad-supported hosting while you test it? And wait - surely the application itself is what needs testing, not the website.

Yeah right, we were just "testing" and accidentally ended up on a box with tons of dodgy exploit sites. Oh noes. If anything, this tells me they need to hire some staff who know what they're doing next time.

As for the allegation that the whois details for their sites match the details often used for CWS hijack sites of the highest order?

I do not have any names, phone numbers, addresses etc...

.....yes, please register my website Mr Mystery Man, even though I don't know who you are and I know nothing about you. Here's all my money and I'd like you to inspect my wallet, too!!

First of all, I wasn't paying much attention to yapsearch.com website.

...no kidding.

To test it, I simply installed the design template with non-working hyperlinks and a search line field. I have no idea that on a non-existing page there might be such content with offensive material.

Yep, we simply had no idea that clicking one button would take us to nasty things.

But wait - Yap guy seems to be confusing the issues. Because at no time when testing the Yap search webpage functionality did I get taken to the UA pr0n. Clicking the links did nothing, and using the search box took you to a blank page (as you can see from Andrew Clover's video).

No, the nastypr0n only showed up for me when:

1) You tried to surf using the Yapbrowser application - not when using their search website.

2) You tried to enter in what you thought would be the correct URL for their "Adult version" of Yapbrowser in a normal browser such as IE or Firefox, only to be taken to the nasty stuff.

So, just to confirm - nothing nasty happened for me when using the Yapsearch website. Again - to me, this would point to something inherent to the Yapbrowser application.

Right?

In my honest opinion, I don't buy it. If I did, it'd have to be with a slightly manic grin on my face and about six kegs of Mam's Finest Ale in my gullet. With this in mind...and churning the above silliness over and over in your brain as you read what comes next...

Porter: How rigorous was 180Solutions / Zango in terms of checking your application before they agreed to have their software bundled with the YapBrowser application?

Yap's Response: The testing process was very harsh. First, our program is included into zango installer. We supply some design elements for the program installation, EULA text. The program installation is done with the confirmation of two agreements. Zango's approach to this issue is very serious; therefore, I do see that they are dependable, and choose them as partners. In this situation there is no zango's fault. Most likely it is my program's fault that such mistake was made. And, of course, the real offender is the host company.

Yes, that testing procedure was extremely harsh!

So harsh, in fact, that once again it took a bunch of external third parties to go in and clean up yet another fine mess (TM).

Porter: Did they test your application after it launched with the Zango product bundled?

Yap's Response: Yes, the testing was done. Maybe, at that time 404 page wasn't showing any illegal content. I cannot say for sure since I did not check.

Word to the wise - start checking things. As for the alleged "404", it's amazing how it only started pumping out the kiddy pics after all the testing had supposedly been done by Zango. Let me have a crazy moment here - it's almost like, shock horror, the people behind it waited for Zango to turn their backs and then flipped the switch!

No, it's okay Zango - don't bother doing any kind of basic searches on the people you're doing business with. Even if it does only take about an hour to find out everything you need to know about a disaster waiting to happen like this. Don't bother going back to anybody you partner with and (heaven forbid) test their applications out, just to see if they're diddling you. That'd just be madness.

Can it really be so easy to cheat the Zango system?

The bottom line is, 180 / Zango / whatever they call themselves have a distribution model in place that is fundamentally broken. More horrible tales like the Yapbrowser saga will continue to lurch into public view and pummel an already shaky reputation.

All I can say is, prepare yourself for the next one.

Because there will be a next one.

There always is...


All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.