While I can't argue that this isn't an issue, if there's one thing I've learned in my time testing various software it's that not all vendors place the same importance on protecting their programs as they do on improving things that actually affect the real customers. For example, I have knowledge of a (licensing) bypass that works on all 4.x versions of AppGuard and have previously warned BlueRidge of such a potential issue (without specifics) and suggested moving the checks over to the driver or service during my beta testing phase. In addition to creating potential lost revenue this *** vulnerability creates a path which would allow a pirated version 'made available to the public' to modify *anything* inside the service or GUI were the cracker clever enough (It'd be their own fault if this was used~the pirates that is!). I never received a real response on it so I assumed it wasn't a big deal for them, I did however receive responses for just about every other issue I contacted them about and have noted a few fixes as a result. In addition, another vendor - Agnitum, has a php script issue with the free version key page (along with every OSS giveaway page they've hosted so far) that allows users to create a lifetime key. Once again I attempted to contact them (anonymously) and report the issue but never got anything but the default (computerized) responses so I didn't bother chasing it further as they apparently weren't interested. These are only a few of the programs/examples I could complain about but the reality is that while I've found some registration/licensing loops in these and others, it doesn't mean I've found holes in the protections (that weren't fixed). Obviously I still use all these programs (as shown in my sig) and as such the type of story reported here means nothing to me as it isn't related to the actual protections the software itself offers and I find it amusing anyone who found such a gap would prefer to publicize it this way rather than at least attempt reporting it first. If nothing else this(these) incident(s) has(ve) strengthened my trust in such programs as they are obviously more concerned about helping the consumers with real issues - instead of just wanting to ensure the software isn't pirated! And just in case anyone expects that I'm talking out my ~ Snipped as per TOS ~...these are partial examples of what I found...hopefully obscure enough to keep most people clueless but it might be enough to show the ones who matter (should they view this page and make sense of it) that these 'issues' were real and my emails were meant to help. 64 32 0A 0A 0A 00 00 ?? ?? ?? B8 01 ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? 64 89 ?? ?? ?? ?? ?? 59 ?? ?? ?? 5B 00 0A 00 00 ?? 47 08 ?? ?? ?? ?? ?? ?? ?? 35 03 ?? ?? 49 ?? 00 0A 00 00 #L_TYP#Lifetime
I'd actually be more surprised if Eset (or any other security software maker, for that matter) accepts its fault in these cases.
Since this can hurt their business and not their customer's security I don't see any problem. At least not for end users.
Is it hilarious? Yes. Is it actually relevant? No. It has nothing to do with their software or the team that authors it.
something odd with those licenses - the first one is not ESET NOD32 - it's Smart Security. The emails doesn't contain the license key - and the email also spells NOD32 as 'Nod32' - which is not how ESET spells it out (it should be all caps).
