The 2010 Pwnie Winner For Lamest Vendor Response

LANRev remote code execution

Vendor: Absolute Software

The LANRev remote administration program gained a lot of publicity when it was used by the Lower Merion School District in Pennsylvania to spy on their students at home. Addiging fuel to the fire, Leviathan Security found out that the LANRev software had a vulnerability that allowed anybody on the local network to take full control of any computers running the LANRev software. The response from the software vendor was hilarious:

“Is it theoretically possible [to exploit this]? Of course it is,” said Tim Parker, vice president of research and development for Absolute. “[But] we are not aware of any customer who ever had an issue with this. If any customer did express concern, we would immediately supply them with a patch.”

Read more