Monday, March 13, 2006

Ektron: I have moved a stone

.. and got noticed

Ektron has noticed my entries about an issue I found with the standard installation of their CMS400.Net CMS.

I sent out another warning message to a number of website owners regarding the hole in their Ektron CMS, and again informed Ektron.

Yes, after a few days of wait and see, I checked my Google Analytics and saw that multiple people from New Hampshire had read my posts about the vulnerability. I now dare to say that there is at least one Tablet PC at Ektron and someone also uses IE7. So they do like to live dangerously. ;-)

And a reaction came from Ektron.

William Cava
Hi Rob,
Yes, we saw your posts and we're including a modification to the installer in our next release that will address your concerns.
Thanks for your feedback.

So, I let out a cry of success and wore a smile for the rest of the day. I have made a difference. Ektron will be more secure starting from the next release. My feet were hardly touching the floor anymore.

I think the reaction from Ektron is the right thing. One can argue that the extra user account probably should never have been allowed. But hey, they are human and can make mistakes. (I make them all the time.) What counts in their favor is that once they were notified of the problem they have taken action. So, hip hip hooray for Ektron!

Then I fell back to earth

Only too bad that the four website owners that I had mailed about the problem still had done nothing about the problem and are still wide open for abuse. Well, maybe I need to be more patient with them.

Anyway ..

Ektron has taken my concern to heart and will fix it. Which is good news. Thank you Bill and thank you Ektron!