Jig

Inappropriate Actions Regarding the Security Topic

5 posts in this topic

This is in regard to the security post made here:

Why was this thread locked? This is a very relevant discussion for people using your product. I understand that the thread also contains personal matters. Please make a post acknowledging these security issues, or make a new sub-forum for users to discuss them among themselves. Security issues are absolutely on-topic, and the concerns posted by @livelace and @eth0 are valid. If you do not take interest in the issues researched by @Patrick Kolla-ten Venne, I fear that a malicious entity may. Please do not silence this matter; this is of high importance to us as daily users of your software.


Oh boy, I didn't know they closed the thread. Now I go there to see why and the only response from the Symless staff is to say that @Patrick Kolla-ten Venne's account was refunded and that's why it didn't have access anymore. No word about the security issues at all.

Let's leave aside the fact that it looks pretty weird for a long-term customer with an existing license for Synergy 1 who has submitted a 30-page security review to request a refund immediately and close the door on any further discussion of the issues, so I have to wonder why you guys would refund him without him even asking for it. But as I said, let's not focus on that. For all I know, he might have requested a refund and you complied.

Now, in the other thread I said the radio silence from Symless about the security issues was scary, and @Patrick Kolla-ten Venne's allegations about your negative response and refusal to address them looked like shady practices on Symless' part, but I tried not to make assumptions and wait for your official response about the matter.

And then you go and lock the thread without so much as a “we'll open an official thread very soon”! Way to address the issues, guys! O.o

Certainly doesn't look like sweeping it under the rug now, does it?

  • Like 1


Thanks for raising this :)

Meanwhile, just in case they were thinking this to be a hoax, I posted a rough description of an attack vector and one weak part in Synergy here. One week without a reply, but I hope they're going to address the issue in the background.

You can also view the work-in-progress document at https://download.spybot.info/Reviews/Synergy2/Security Review Synergy2.pdf . I haven't updated this within the past week; there's still some stuff to add, and it covers the spyware issue more than the security issue, because under industry standards (ASC definitions), it would have to be regarded as such.

 

  • Thanks 1


It's unbelievable: the security recommendations and the exhaustive report were ignored. Those things cost money, but in this case they were just ignored. It's unacceptable in the modern world to just close one's eyes to threats and keep silent!

I made the right choice when I turned off Synergy everywhere. I need to go back to NoMachine until Synergy someday fixes all flaws.

PS. Patrick Kolla-ten Venne, thank you for your work!

 

  • Like 1
