Clearing the Air On the SSL Issue

Much has been made recently of ZDNet’s so-called “exposé” (really a smear piece) about our software. And one of the most disturbing accusations is that we were exposing user data by having our tracker agent communicate over the unsecured TCP Port 80. As evidence, ZDNet blogger Jason Perlow offered up network traffic sniffer data showing our client communicating in the open and without encryption.

After an extensive investigation on our end, we have concluded that the use of Port 80 by the ZDNet client was an isolated incident, the result of a registration script error on our end. Simply put, we were not prepared for the sudden disappearance of our co-branding partner, InfoWorld (ZDNet registered with us the same day that IDG pulled the plug), or their normal registration process, which they controlled. As a result, when ZDNet registered its test VM with us, they were inadvertently redirected to an old test version of the script and it input the incorrect values for the ASPScriptPort and ASPScriptProtocol fields in our console configuration table.

Note: Other clients that were connected at the time were indeed communicating over SSL/Port 443. In fact, if ZDNet bothered to check back now they’d find that the agent now defaults to this mode for all future connections.

Much has also been made about our SSL certificate, which expired in September. To this accusation we have no response other than to say that we screwed up. It was on our to-do list and we missed the reminder notices from our issuer. Fortunately, our client agent is configured to ignore certificate errors when dealing with our server - a precaution we built in when a malformed certificate tripped us up several years back. So while the certificate may have been invalid, our client agents were still capable of connecting to the server using an SSL-secured connection. Regardless, we will be renewing the certificate shortly.
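
Added example, not the vendor's code: the two settings this paragraph turns on, a client that ignores certificate errors and a certificate that lapsed unnoticed, written as checks with Python's standard `ssl` module. The function names, the 30-day renewal window and the sample dates are assumptions constructed for illustration.

```python
import ssl
import time

def lenient_context():
    """Client context that ignores certificate errors, as the post describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE   # expired, self-signed or wrong-host certs all pass
    return ctx

def strict_context():
    """Library default: chain, validity dates and host name are all checked."""
    return ssl.create_default_context()

def audit_context(ctx):
    """List what a client context fails to verify about the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain and validity dates are not verified")
    if not ctx.check_hostname:
        findings.append("server name is not matched against the certificate")
    return findings

def days_until_expiry(not_after, now=None):
    """not_after uses the format of SSLSocket.getpeercert()['notAfter']."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def expiry_status(not_after, now=None, renew_window_days=30):
    """Classify a certificate so renewal does not depend on issuer e-mails."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        return "expired"
    return "renew" if days <= renew_window_days else "ok"

if __name__ == "__main__":
    # Constructed sample dates, not taken from the post.
    today = ssl.cert_time_to_seconds("Sep 10 00:00:00 2030 GMT")
    for label, ctx in (("lenient", lenient_context()), ("strict", strict_context())):
        print(label, audit_context(ctx) or "verifies the server")
    print(expiry_status("Sep 30 00:00:00 2030 GMT", now=today))
```

A connection made with the lenient context is still encrypted, but the client has not checked that the key on the other end belongs to the intended server.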

Bottom Line: The DMS Clarity Metrics Tracker agent is an SSL-secured program that does not expose users’ data – when properly configured. Obviously, the events of this past weekend – specifically, the sudden removal of the Windows Sentinel code from InfoWorld’s web site (an act that was in violation of our hosting contract with IDG) – caused a few ruffles in what had heretofore been a fully secure service with an unblemished operating record spanning nearly four years.

But we don’t expect Mr. Perlow and his hired hit-cronies at ZDNet to pay any attention to the above disclosure or how it might explain their “alarming” experiences with our agent. They have their marching orders, and all signs point to Redmond as the real impetus behind the whole sordid affair.

Make no mistake: Online IT Journalism is dead, folks, the victim of greed, bias and an unquenchable thirst for page views…

RCK
