Hello, I've found some private data leaks and major security issues with the Synergy 2 software about two months ago and tried to get into contact with Symless. Their responsive was quite negative, I was locked out of my Symless account (that includes a valid Synergy 1 Pro license I can no longer access) and told certain PII would have been removed from public servers (it's still there). Both Nick Bolton and Malcolm Lowe rejected to deal with my feedback. As a long term Synergy user (at least 12 years) and a security researcher, I'm in a difficult situation here. I gave Symless at least six weeks to address any security issues, which should be sufficient time in terms of a responsible disclosure, but since they did not address the issues I found, publishing them would make it even more obvious to crooks how Synergy users can be attacked. I hope that this public post might change Nicks or Malcolms opinion so that the security issues can be addressed before my research results get published. And if other fellow users of Synergy are interested in their security, I recommend to ask for Symless' stance on privacy and security reports. Best regards,
Patrick Kolla-ten Venne
Safer-Networking Ltd.