[Buzz]

This is slightly off-topic, but I believe might be of interest. It's a post from a current thread on the mods forum, and quoted with the author's permission. The thread is titled "Suspected Cheating on AP."

[ QUOTE ]
<font color="green">diebitter
grotesquely handsome</font>

The most likely way this is being done, if it's being done, is some guy or group is getting access to the database at the back, and just refreshing the same bit of sql to read the hole cards for a given hand. It's just a username and password, once he's breached the firewall. Developers pass the stuff around all the time within a company.

There's not really a need for a 'backdoor' in the software as such, just a clean path into the database. an insider could do this easily if Absolute are in any way slapdash about security.

Anyone know if they have independent verification of their security?

Edit: Hell, I've been thinking about how I might do this if I were dishonest. I'd put a little web page with its own password protection on the server so it has protection from some lucky passerby finding it, out of the way, which pipes straight into the database. I'd make it pass sql straight through unchecked, and pipe the results to the same page. I could write such a thing in like 30-60 minutes if I was on the inside. Then, any database access is internal between web server and database server, and the little web app by definition bypasses firewalls etc.

This would leave lots of evidence if you knew where to look, but companies wouldn't really be looking.

Take all this as speculation, obviously.

Edited by diebitter (09/15/07 05:16 PM)

[/ QUOTE ]