> The problem isn't that you are charging $100 for my program with some
> additional scripts for web and checks, it is the fact that you broke the
> only two constraints I had in my copyright.
> 1. Do not pretend you wrote it. In several announcements, you say your
> company developed Vulnerability Testing code, to only fail to mention you
> were using ISS as the basis of your engine.
This is incorrect. Your program was only about 10% of the total program
for vulnerability testing, not including the web scripts. I have not
charged anyone anything for your program, and have repeatedly stated in
both public and private forums that your software is free and available
on the net and that users need not pay anything for it. ISS has never
been the basis for my engine, is is only one of many programs used to
perform testing services. I am sorry you have a misunderstanding about
this, and I tried to explain it to you in private, but apparently you
still don't understand.
> 2. Do not make any money off of my code. Not only were you charging for
> repeated scans using my software, you are selling my demonstrational code.
Patently false. I have never charged anyone for your program, and have never
made any money from the testing service. In fact, I pay fees to an Internet
provider to get access to allow the tests to run, and donate a great deal of
my time to maintaining the service at no charge. I have never - repeat NEVER
sold any of your code.
> It is bad enough to totaly abuse the copyright, but then to never even
> notify the author of the code what you were doing shows a lot of integrity.
I in fact notified you and asked you permission to use your program,
which you granted on the basis that I tell people it is your code and
provide a pointer to your home page. I did so. If this is what you call
a lack of integrity, then perhaps you should reevaluate your definition.
> I just performed the new improved scan that you offer and not only did
> it do the exact same checks in the exact same order that it did when
> you were using ISS, it is the exact same format of output. The
> only difference I noticed was you removed any mention of ISS. That
> is hardly considered an improvement.
This is not correct, and furthermore, you should know it if you did this
scan. It does slightly different checks and several more checks, it
does them in a similar, but not identical order, and it adds information
on what each scan tests for and what to look for in your results. It is
a very big improvement for most users who don't understand the output
without additional information.
> You must have read the Greencard lawyers' Guide to Doing Business
> on the Internet. What a coincidence you charge a $100 for something
> that is already free. To save $100, you can get ISS v1.3 from
> http://iss.net/iss which does a deeper scan than all.net's testing
Please feel free to use ISS. It is a fine product and has, I am
certain, taken a lot of effort to develop. Again, let me repeat, that
the scans performed by our service prior to today were ISS scans
performed under what we thought were the terms and conditions set forth
by the author. As of the authors notice, we immediately removed those
tests and replaced them, and as of today, they no longer ISS scans.
I am truly sorry for any misunderstanding, and hope we have not unduely
burdend the readers of this forum through this effort to clarify this
\Management /\/| 216-686-0090 - PO Box 1480, Hudson, OH 44236
\ /\/ | Check out info-security heaven and test your system
\/\ /\/ | for known vulnerabilities (1st time for free) at URL:
\/Analytics| (scans deeper than SATAN or ISS) http://all.net:8080
Read "Protection and Security on the Information Superhighway"
-just released by Wiley and Sons-