<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>Matasano Chargen - Latest Comments in Did IDG Bet $1,000 That Acunetix Can&#8217;t Steal Credit Cards From Random Websites?</title><link>http://matasanochargen.disqus.com/</link><description></description><language>en</language><lastBuildDate>Tue, 20 Feb 2007 06:46:19 -0000</lastBuildDate><item><title>Re: Did IDG Bet $1,000 That Acunetix Can&#8217;t Steal Credit Cards From Random Websites?</title><link>http://www.matasano.com/log/699/did-idg-bet-1000-that-acunetix-cant-steal-credit-cards-from-random-websites/#comment-2321582</link><description>Did anyone realise that Network World deliberately removed postings of Acunetix from its website?&lt;br&gt;&lt;br&gt;True, they are a vendor but isn't this beyond journalism, our right to know what is truly happening and the constitutional right to free speech?&lt;br&gt;&lt;br&gt;Network World have lost a loyal customer and Acunetix have gained a new one!&lt;br&gt;&lt;br&gt;&lt;a href="http://www.acunetix.com/news/acunetix_reveals_data.htm" rel="nofollow"&gt;http://www.acunetix.com/news/acunetix_reveals_d...&lt;/a&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">John Tibbs Jameson</dc:creator><pubDate>Tue, 20 Feb 2007 06:46:19 -0000</pubDate></item><item><title>Re: Did IDG Bet $1,000 That Acunetix Can&#8217;t Steal Credit Cards From Random Websites?</title><link>http://www.matasano.com/log/699/did-idg-bet-1000-that-acunetix-cant-steal-credit-cards-from-random-websites/#comment-2321581</link><description>If Acunetix doesn't win, can I get 1k if I binary patch it to find the required criteria?  I don't use web application vulnerability scanners, but I know for certain that it is capable of finding this sort of information very easily.
I have seen plenty of these exact findings from people using SPI and Appscan...&lt;br&gt;&lt;br&gt;If Acunetix does win, I suggest they call the FCC and have them fine IDG to the tune of a few hundred thousand to a million dollars for allowing personal information to be stolen from their website.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">dre</dc:creator><pubDate>Wed, 14 Feb 2007 19:32:10 -0000</pubDate></item><item><title>Re: Did IDG Bet $1,000 That Acunetix Can&#8217;t Steal Credit Cards From Random Websites?</title><link>http://www.matasano.com/log/699/did-idg-bet-1000-that-acunetix-cant-steal-credit-cards-from-random-websites/#comment-2321580</link><description>I think it is actually worse than that.  While I am sure they were just loose with language, by offering money to have Acunetix break into someone's website to retrieve credit card information, I am reasonably sure they have committed an illegal act themselves.  Of course, I am not a lawyer...</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave G.</dc:creator><pubDate>Wed, 14 Feb 2007 14:48:35 -0000</pubDate></item><item><title>Re: Did IDG Bet $1,000 That Acunetix Can&#8217;t Steal Credit Cards From Random Websites?</title><link>http://www.matasano.com/log/699/did-idg-bet-1000-that-acunetix-cant-steal-credit-cards-from-random-websites/#comment-2321579</link><description>"On the other hand, even a stopped clock, etc, etc: most people in the trenches would say 70% is a lowball estimate."&lt;br&gt;&lt;br&gt;My sentiments exactly.  &lt;br&gt;&lt;br&gt;I happen to agree with the point Snyder is trying to make, which is that there's a disconnect between scanner findings, app-level vulnerabilities, and actual data booty - a point that is missing from Acunetix's marketing stunt for obvious reasons.  But in trying to stunt on their stunt, he's let himself get backed into a corner, and the outlook's not good.
Either he backs off, or he and McNamara are going to be in hot water with IDG's CISO and legal team.  This will be a fun one to watch.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">PaulM</dc:creator><pubDate>Wed, 14 Feb 2007 11:39:14 -0000</pubDate></item></channel></rss>