A formal announcement that, as of this moment, I formally resign my site from ASAP and I also resign from ASAP as a member.

Spywareinfo.com chose to absolutely slaughter my website without apparently bothering to check the facts first, and has caused me a huge amount of grief in doing so.

Despite posting about this on the Spywareinfo forum and also addressing this in the Admin section of this site, no reply was forthcoming.

The newsletter was eventually pulled for a short while, only to come back with the following addition:



Absolutely unbelievable, not acceptable and a total disgrace.

Since when did ASAP allow member sites to attack each other in such a fashion?

My site was accused of "libelous" remarks, when in actual fact the only libel appears to be coming from Spywareinfo.com.

I cannot allow my site to be totally dragged through the mud unchecked, and be expected to pretend nothing has happened. And I certainly cannot keep my site on the same listing as the site that caused this mess.

If you'd like more information on this - the original article:

http://www.vitalsecurity.org/2005/03/firef...infects-ie.html

The newsletter:

http://www.spywareinfo.com/newsletter/arch.../2005/mar13.php

The forum entry at Spywareinfo:

http://forums.spywareinfo.com/index.php?showtopic=43194

My response on Vitalsecurity:

http://www.vitalsecurity.org/2005/03/spywa...alsecurity.html

I'm still waiting for some response, though at present nothing is forthcoming. I waited over a whole day for a reply - more than adequete for someone to get back to me. If I'm expected to simply lie down and die over this, you're very much mistaken and I'm considering taking this further.

Outrageous.

As of this moment, I am no longer a member of ASAP and will remain so until I recieve a proper apology, or Spywareinfo.com is removed from ASAP. And as neither of those is likely to happen, I will happily remain a voice in the wilderness.

Paperghost

Vitalsecurity.org

http://forums.maddoktor2.com/index.php?showtopic=3428

im in the "just plain dumb" section of mike healans weblog!

man, this sucks :\

Very disappointing newsletter to say the least..

From what I see so far the linking of your site in that newsletter is basically saying the comments by Mike Healan are aimed at you and your article , I cant see how anyone could think otherwise..

As always you have our full support.

Thanks, its appreciated

From the looks of it that newsletter has gone down like a lead balloon all round.

I would hope Mike is honest enough with himself to at least clear up the confusion his newsletter causes and attempt to correct the misleading information , instead of just sweeping it all under the rug like I think will be the case.

im not sure theres any way to sweep this one under, though it just makes me laugh that i had to resign from ASAP to get this noticed - all ive had since yesterday from SWI was a wall of silence.

however looks like that wall is now doing me a favour with every passing second - and he really should be more careful who he attempts to tread on in future. Not everyone squashes so easily!

It'll be so interesting to actually hear what he has to say about all this.

Well he could choose to just ignore it altogether , but I dont see how that could last for too long , I'm sure Mikey could tell you about a few of his experiences when trying to get any kind of response.



Yes, I'll be very interested to hear his explanation on why he chose to target you and your article for his attack, as I'm sure you definitely are.

I hope that you do get a proper explanation , and an apology with that explanation.

In my opinion your articles are always well researched and honest , and definitely informative.

Thanks

I'll keep you posted

hes online now...let us see where this goes...

my god - cnm just posted in the SWI thread with the lamest damn thing i ever saw.

what the hell is going on?!?

This will get worse before it gets better.

Hey, paperghost

I read your report before all this happened and I liked your work.

The most important part is that this message get out to peeps so they know what to do when the time comes. My first thoughts were why do I even install java, but thats what I say about windows as well.

keep up the good work


firstaid

Thanks

Hi paperghost,

just to say good research, nice catch, whatever those 'ignorant' ppl say ...

pruttel

Thanks Pruttel the longer they leave it without responding, the worse it looks for them.

hes already damaged the name of spywareinfo forever imho.

Well I sent off an email to this guy , asking him to do some research before mindlessly reproducing other peoples garbage , and his comments equally dissapointing and baseless.


The text in BOLD are the comments added by Ken Harthun , who didnt bother to do any other research of his own or comprehend the full article at Vitalsecurity. :



and so it continues..


Mike said it best , too bad he doesnt believe in his own words..



I can think of two people who should now be printing corrections to their misleading information and being ashamed of themselves .. and Paperghost is not one of them .

apparently his REAL name is James - though at present it appears to be mud.

though he's more of a ghost than i am!

Ah ok , so he was right in the name but wrong on everything else.

I guess Mike|James is either to busy to even comment or hoping if he ignores it all it will go away sometime in the future.

in about 500 years maybe

he'll find out im in this for the long haul. just made a nice addition to my last post over at swi too

Hi paperghost,

If people are to lazy or just flash on headlines without reading the whole article before making comments, they shouldn't even write a comment.

Keep up the excellent work you always provide.

Kim

Thank you

God, I love it round here - nobody shouts at me

LO PAPERGHOST! I'LL SHOUT TO YOU!

Just kidding

Keep up the good work, sorry great work.......don't pay attention to people more than they deserve. Let them understand their fault, if that happens, and if they admit it, and if they read it again from the first word until the last without skipping lines, paragraphs, if they understand what it says, and if........well just do what you're good at. The fame comes from what everyone does so do what you're good at and you'll receive respect.

Ok , well at least Ken had the decency to reply to my email , and I thank him for being honest , regardless of the true facts contained in the article.

Ok , since Mike Healan has disgracefully failed to take any notice of his mistake or address his misleading information , here are the main links so people can see for themselves what has happened..

The initial discussion of a possible browser vulnerability at Tom Coyotes excellent forum :
http://forums.tomcoyote.org/index.php?showtopic=31385

Paperghosts article in question which is the target of the spyware info newsletter:
http://www.vitalsecurity.org/2005/03/firef...infects-ie.html

The same artice also mentioned by the Register:
http://www.theregister.co.uk/2005/03/11/al...tive_slimeware/

The ridiculous and misleading blog / newsletter entry drawing wild conclusions from out of nowhere and linking to paperghosts article :
Epidemic Of Firefox Spyware Infecting Computers Worldwide!
http://www.spywareinfo.com/newsletter/arch.../2005/mar13.php

The fallout from the ridiculous newsletter penned by Mike Healan - Spyware Info [ members only] :
http://forums.spywareinfo.com/index.php?showtopic=43194

Now even Sponge is picking up on Mike Healans blatantly misleading newlsetter entry :

http://www.geocities.com/yosponge/blockips.txt



Where will this end ?



Good to see Ken has realised that the Spyware Info Newsletter was misleading and has issued an apology for his comments:

http://channels.lockergnome.com/windows/ar...revisited.phtml

Interestingly many security researchers and journalists are now agreeing with me. There are many more articles out there like this appearing now, which in my opinion validates absolutely everything i said 100%.

http://www.edbott.com/weblog/archives/000562.html

for a rundown on the windows install

and

http://www.edbott.com/weblog/archives/000568.html

for a look at the general hysteria that greeted the intial exploration of the install.

From Sans.Org - March 15th - Handler on Duty: Dan Goldberg
Updated March 16th 2005 03:16 UTC

http://isc.sans.org/diary.php?date=2005-03-15

cool, on sans twice in 12 months

i saw this and i couldnt resist stepping into the lions den - im curious to see if i can clear up misconceptions in the firefox "community" about the original article:

http://www.spreadfirefox.com/?q=node/view/12886

also interesting to see the SWI thread rumbling on..!

I wonder how many of those replying in the firefox thread are capabale of even understanding the facts. Oh you said something about firefox and it didnt include that its the greatest thing since sliced bread... you must now die !! lol..

lol yeah - the best one was that my article was "disgraceful" because i only had 77 members on the forum(!)

ive actually had a lot of email from "regular" ff users thanking me for pointing out that they shouldnt click java applets under the notion that FF makes them "safe". more than anything else, thats the only vindication i need

Also - a little off topic - what is this?




its my site, but stuck in a frame or something. any reason why they would do that?

?? thats weird .. I guess a simple link to your sites article wasnt enough for those guys ..

im sure there was a site that did something similar with grinlers place - he wasnt too happy either, though i cant remember the reason why.

gaaaah......my poor brain....

Hi paperghost,

I hope the furor has subsided and that people of good sense can see the common goal again.

Have you rejoined the ASAP team? Did they offer input and support during this episode?

Just curious.

Mike

Well, as im sure you can appreciate, i cant go into details with regards what ASAP attempted internally.

however, what i CAN say (which is no great surprise) is that Mike Healan never got back to me at all. The silence speaks louder than words in this case - especially as its since transpired that the lyricspy site that caused all the fuss actually WAS trying to serve up an .xpi that, if loaded into firefox, infected IE with the xxx toolbar.

so the one resort that people had against the article - the title - was effectively sliced and diced, because the answer was an emphatic "yes".



As for ASAP, I've rejoined and that should hopefully be the end of it.

The interesting thing will be whats in SWI's next newsletter. i think it'd be commercial suicide to send out another rant (espcially in light of the firefox .xpi), so we'll have to wait and see.

Whats interesting is that the SWI newsletter has now apparently caused a fallout in the firefox community and they're the ones who arent too happy about what he said. Quite an interesting twist there!

I feel totally and utterly vindicated at this point - its been a long, hard battle but i'd like to think the integrity of my site and what it stands for is intact

Thanks for the support you guys have shown

Heh, I don't allow downloading by websites, and with Javascript only able to change images in Firefox (by my own settings), it was funny going to the lyricspy site and having absolutely NOTHING happen on my end

I was aware of this possible "hijack" awhile ago via Secunia advisories. I believe Firefox 1.02 fixes this vulnerability does it not?

As for all of the other mess, well, you know how people can get when their ego is more important than the facts. I happen to value your contributions to the community at large paperghost. Keep up the good work.

Thanks

With regards the secunia vulnerability, did you mean this one:

http://secunia.com/advisories/13271/

As far as i know, the newest version of FF was for some really obscure exploit that hadn't been used in the wild yet - though i need to do some more digging on this, as im curious to know exactly what the new version fixed. the update page on mozilla is strangely cagey in actually saying what the problem was.

Ah well, time to dl the newest version and test it out

/ EDIT - apparently the vulnerability they fixed was to do with buffer overruns caused by coding to do with animated gifs.