[ale] running OPA (other people's apps) on my network
Richard Bronosky
Richard at Bronosky.com
Thu Jun 25 15:24:45 EDT 2009
I'd isolate the "Trojar Horse" on its own VM, monitor, isolate. Write
up a report on all of it's network activities. It is extremely uncool
to be asked to do such a thing.
On Thu, Jun 25, 2009 at 2:23 PM, Chris
Kleeschulte<chris.kleeschulte at it.libertydistribution.com> wrote:
> I need opinions here.
>
> For a while now, I have been forced to run Custom Data Solution's
> DataStreamer Jar file on hardware under my care. For some reason the
> before-mentioned company insists on me running this jar file to be
> able to submit data to them so we can get a discount from the vendor
> that is a customer of theirs.
>
> I have asked to just POST the data to them and they can run their own
> app against it on their machines, they refuse.
>
> I have asked to see the source code for the datastreamer java app,
> they refuse.
>
> I have told my company not to comply with their data plan, my company
> refuses.
>
> Custom Data Solution says that they have many customers who run their
> app on the customer's machines/network, nary a complaint.
>
> I have quarantined this app as much as possible, but this is extremely
> bad business for CDS to ask me to run their app on my network without
> providing me the source code. I try to run only apps that I compile
> myself or from trusted sources.
>
> What would you all do in this situation? I guess I am just wondering
> if you think that it is absurd for a client to ask a supplier to run
> their software? The unmitigated gall.
>
>
>
> Chris Kleeschulte
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
--
.!# RichardBronosky #!.
More information about the Ale
mailing list