When concerning security issues....

Even if it turns out to be a false alarm, I would rather it be posted than not.  Thanks Dective08 for caring enough to report what you thought was an issue even if it turned out to not be an issue.

Geeks, making the world a better place
Quote · 26 May 2013

Thank you GG ... I honestly thought I stumbled across a huge security issue with dolphin sites and Boonex itself ... I even ticketed Boonex warning of what I found convinced it was just like I said.

 

Almost anyone that tries the tool without fully understanding it would have thought the same! What would you think seeing millions of emails that you assume are private?!

I feel a bit silly now and I can see Nathan is trying to make me look an x here with my original post but I don't care!

I thought I was helping many people even though I was wrong ... Admittedly my own skills are not with servers etc but instead growing sites, development and SEO and this was an error on my part.

I still think I have pointed out something very important >> even if these emails are already public due to comments etc and posts ... this tool makes it easy for all this information to be gathered up on one page and used in whatever way possible (hence it's still not great and could lead to possible security issues / breaches). This is very different to just stumbling across a few emails ...

 

Thank you for seeing I cared enough ... even if it makes me look stupid now ;)

 

Even if it turns out to be a false alarm, I would rather it be posted than not.  Thanks Dective08 for caring enough to report what you thought was an issue even if it turned out to not be an issue.

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 26 May 2013

Yes, thanks for posting dangerous/sensitive material in a public forum instead of contacting the developers.  And spamming the entire site in the process.  Fortunately, only the spam ended up being real.

 

Don't be too worried, though.  I used to do stuff like that all the time here.  Then I had a lobotomy and became a bosun.

 

Edit: Potentially.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 26 May 2013

I was asked to provide a screenshot and it only contained a few lines compared to the thousands there were in front of me!

I also tried to contact Boonex directly with no reply and still nearly a full day later still no reply ...

I accept my mistake and apologized.

Enjoy your 5 minutes trying to make me look stupid because it's the only time you have ever been able to and you very likely won't have the chance again ...

 

Yes, thanks for posting dangerous/sensitive material in a public forum instead of contacting the developers.

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 26 May 2013

 

Yes, thanks for posting dangerous/sensitive material in a public forum instead of contacting the developers.

He got the information from a public website from people who posted their own email addresses for the world to see? As deano pointed out in the other thread.

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 26 May 2013

Although I do understand what you were trying to do, I do have to agree with Nathan on this one.

Let's assume this was a real situation. The proper response would be to inform Boonex of the situation and nothing more.

I do realize you were only attempting to inform the Boonex community of a possible security situation. However the forums are not the way to do it. By doing so, not only were you informing Dolphin webmasters, you were also informing those interested in exploiting Dolphin. The entire world because these forums are public and are indexed by the search engines.

It would be like releasing a virus into the world before an antidote could be created.

None of the big software companies such as Microsoft, Redhat, Mozilla, etc. make security vulnerabilities publicly known on their own websites until they have developed a patch.

https://www.deanbassett.com
Quote · 26 May 2013

My actions were not aimed at just warning people BUT in hope for someone like yourself to say "right it's an issue and here's a quick fix"

I mailed Boonex directly without any response and even now still no response so I'm sorry but I cannot afford to sit around waiting for Boonex to provide security patch while data is possibly being stolen and abused!

I hoped someone around at the time could also see the issue and help ...

An error on my part, and if I ever have such worries again in regards to security I won't post to forums in the way I did.

 

Although I do understand what you were trying to do, I do have to agree with Nathan on this one.

Let's assume this was a real situation. The proper response would be to inform Boonex of the situation and nothing more.

I do realize you were only attempting to inform the Boonex community of a possible security situation. However the forums are not the way to do it. By doing so, not only were you informing Dolphin webmasters, you were also informing those interested in exploiting Dolphin. The entire world because these forums are public and are indexed by the search engines.

It would be like releasing a virus into the world before an antidote could be created.

None of the big software companies such as Microsoft, Redhat, Mozilla, etc. make security vulnerabilities publicly known on their own websites until they have developed a patch.

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 26 May 2013

This has been hashed out before and the consensus from the security community is that not releasing vulnerabilities is more harmful than releasing them.  MicroCrap doesn't want them released not because it will hurt people using their software but because it forces them to release fixes before they want to.  MicroCrap does not make any money on fixing their crap; they want to pay programmers to add useless features to force people to buy new versions.  The black hats already know the information, it is spread throughout their community as soon as an exploit is found.  Keeping everyone else in the dark only hurts them because they could be taking preventive steps while waiting for the security fixes to be released.  A security fix for ActiveX six months after my site has been hit is of little good to me when I could have removed the ActiveX component (not that I would ever have that security hole on my site in the first place) at the time the exploit was discovered and released; exactly against what MicroCrap and others think should occur.

Geeks, making the world a better place
Quote · 26 May 2013

 Exactly what I was getting at when I said "I'm sorry but I cannot afford to sit around waiting for Boonex to provide security patch while data is possibly being stolen and abused!"

I have a very active network with sponsors, local advertisers and thousands of members ... If I sit around waiting for answers and something happens in-between this time I might as well put a gun to my server and blow it away cause ultimately years of hard work and relationship building will have gone down the drain ...

 

A security fix for ActiveX six months after my site has been hit is of little good to me

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 26 May 2013

Also FYI it is 2 - 3 days since I mailed Boonex directly and still there has been no reply ... Not even to tell me I have got it all wrong ?!

It can take less than a few minutes in most cases to gain sensitive data, launch attacks and/or destroy someone's site and reputation ...

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 26 May 2013

The additional info was requested regarding this issue.

It was a 2-day delay because of weekends.

Rules → http://www.boonex.com/terms
Quote · 27 May 2013

 I am not attacking you or Boonex ... just making my point why I also seek confirmation / help from forums too!

 

The additional info was requested regarding this issue.

It was a 2-day delay because of weekends.

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 27 May 2013
 
 