Don't Trust Salesforce.com (Revised)

Twitter (FxNxRl)

Follow me

Ads / Sponsors

Ads by Project Wonderful! Your ad here, right now: $0.40

Google Search

Site Rank

Powered by

My FOSS Work

Groups, etc.

Thursday, September 20. 2007

In principle, the "network is the system" idea has a lot of merit. The benefits of having all your data stored in some reliable, secure, redundant database that's centrally managed and hooking into it with whatever device is at hand — be it a desktop machine or a cell phone — has a lot of appeal. Keeping a system available on the net, up to date with fixes and patches, and secure is no trivial job. It's exactly the sort of thing that should be left to someone who is a professional at it.

[Revised: Less than 24 hours after I posted this, I received a phone call from a salesforce.com representative, apologizing for the misuse of my information. My understanding is that one of their partners is to blame; that the misuse originated outside their organization. I was looking forward to receiving more details in an e-mail, but in preparing to let their mail pass my spam defences, I messed up -- and all mail has been bounced from late Friday through most of the weekend. Hopefully they will re-send it so I can add more factual information to this. At this point, it's clear that at least Salesforce takes this sort of misuse very seriously, and I have accepted their apology.]

The big hold back has always been that "secure" part. How reasonable is it to assume that some third party is going to take as much care of sensitive information as its owner would? Somehow I've always had this nagging concern that the security of data isn't really as important to these application hosting companies as they want us to think it is. That might sound a little paranoid, but a little paranoia tends to be healthy when it comes to system security.

This is one of the reasons why I've tended to advise clients to save the monthly per-user fees they would pay to an application hosting firm, use it to set up their own secure server and to pay for someone to maintain it. In most cases there's a free tool available that will exceed the requirements of most small to medium sized enterprises, and the actual amount of time required to keep a system secure makes it cost effective to maintain control of the systems while outsourcing the maintenance.

One of the more popular web applications is contact management. The leader in this field, salesforce.com, has been wildly successful at helping companies spend less energy on the systems that support the sales process and more time on actually selling. Generally speaking this is a good thing. A few years back I did a business analysis of the Salesforce solution versus some low-to-no cost alternatives like SugarCRM.

As part of that analysis, I signed up for a free account at salesforce.com. now when I sign up for something like this, I usually create a unique mail address — so I can trace spam back to the source and beat up whoever failed to protect my data. Over the last few years, there's been a real drop in the number of companies that will unscrupulously resell a mail address. This has been the result of both a huge backlash against spam and some well placed legislation. These days, when a trace address gets spammed, it's usually the result of a misdeed; someone deliberately copies the data and sells it without the knowledge or consent of the company who owns it.

Well last week my Salesforce.com trace address got spammed. Here's part of the headers:



From - Fri Sep 14 07:38:59 2007

>From dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com Fri Sep 14 06:38:12 2007

Received: from common1.wc09.net ([38.100.231.181])

 by xxx.yyy.com with esmtp (Exim 4.68)

 (envelope-from <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>)

 id 1IW9Up-0008L1-Dc

 for (deleted)@ambitonline.com; Fri, 14 Sep 2007 06:38:12 -0500

Received: from josephine.whatcounts.com (192.168.127.32) by common1.wc09.net (PowerMTA(TM) v3.2r8) id ht9mui0c2qc7 for <(deleted)@ambitonline.com>; Fri, 14 Sep 2007 04:16:37 -0700 (envelope-from <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>)

From: "Dealmaker Media" <dealmakermedia@response.whatcounts.com>

To: (deleted)@ambitonline.com

Subject: The Momentum 15: Ladies and Gentlemen, place your bets!

Date: 14 Sep 2007 04:47:01 PDT

Reply-To: "Dealmaker Media" <dealmakermedia_2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>

ENVID: WC-1189770421372-F78F7

Message-ID: <2CD269C9A686B38C3141790CE0B1990652961EAF3BE0B1A3@response.whatcounts.com>

MIME-version: 1.0

Content-type: text/html

X-Mailer: WhatCounts

That caused me to forward the message to a support address at salesforce.com:



Date: Fri, 14 Sep 2007 08:22:10 -0400

From: Alan Langford <jal at remove_this_nospam ambitonline.com>

User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)

MIME-Version: 1.0

To:  support@salesforce.com

Subject: [Fwd: The Momentum 15: Ladies and Gentlemen, place your bets!]



As you can see from the headers of the message below, when I provided 

information to your organization, I used a highly traceable address in 

order to detect violations of my privacy. I can assure you that the 

address "(deleted)@ambitonline.com" was provided exclusively to your 

organization. In my experience, this sort of violation is frequently due 

to unauthorized use of data, and as such it is probably as serious a 

matter for you as it is for me.



I look forward to a report from you on how this personal and proprietary 

information wound up in the hands of the group who sent this message, 

and the actions you are taking to prevent it from happening again. 

Moreover, given your inability to protect this information, please 

explain why I should trust your organization with something as sensitive 

as my own contact database.

After receiving no response, I sent another message to them this morning (September 20, 2007), informing them that I was planning on making their data loss public. Still no response.

So that's it. Either salesforce.com is violating their own privacy policy, which seems highly unlikely; or they have had an "unauthorized data leak" and they don't want to talk about it much. There's a third alternative, which is that a response from their support team takes more than a week.

The first two possibilities are serious indeed. Serious enough for me to confidently say don't trust your sales data with salesforce.com, ever! Set up your own system (and most likely save a boatload of money in the process). As for the third possibility, well... just save a boatload of money and get better support in the process.

It turns out I wasn't so paranoid after all.

Posted by Alan Langford in Internet Technology, Business at 19:48 | Comments (4) | Trackbacks (0)

8678 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Alan,
I work for salesforce.com, and while I don't speak in official capacity, I regret that you did not get a response to your email. I took a look at the email address you provided on sign up and a possible explanation suggested itself to me. I get spammed a lot at my domain using targeted dictionary aliases. For example, admin@kingsley2.com gets the most web hosting junk. The traceable alias that you are using just happens to be the target of much web marketing related junk mail. That seems to me like a more plausible explanation than salesforce.com having a data leak.

#1 Kingsley (Homepage) on 2007-09-21 13:46 (Reply)

You have a good point. Since the dawn of dictionary attacks I have moved toward adding a random seed to my "trace" addresses to prevent this. However, to date every misuse of a trace address has been clearly linked to the original source -- typically the subject matter is closely related to the site, instead of the generalized noise common in indiscriminate spam.

As you can see from the revision I added near the beginning of this post, the misuse was due to a third party with legitimate access to the data, not a dictionary based attack.

I think that deliberately trying to find addresses using my old trace technique would offer too little payback for the spam harvesters. Probably the only target that they would be successful with is people like you and I who manage our own domains and have some technical wherewithal. The "admin@" and "sales@' class of spam is based on both addresses recommended in the Internet RFC, and simply guessing at likely hits, such as "accounts@" or "webmaster@".

#1.1 Alan Langford on 2007-09-24 11:36 (Reply)

Salesforce.com should be implementing two-factor authentication system, like Salesboom.com and NEtsuite does.

#2 Tom Greenberg (Homepage) on 2007-12-01 19:10 (Reply)

SF.com is junk. never mind this email stuff - try using it. it is one of the worst pieces of online software every. Their interface is pitiful - they havent changed a thing since the early 2000s. their report generator is super inflexible, and any time you customize anything - the system begans to cumbersome and the UI super congested.

There is clearly a lack of talent in this company. it must have all left when going public.

#3 Ed on 2009-08-27 16:11 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications
	Remember Information? Subscribe to this entry
Submitted comments will be subject to moderation before being displayed.

Competition entry by David Cummins powered by Serendipity v1.0

Net Neutrality

Canadian? Don't let the telcos dictate what your Internet connection does! Sign the petition here:

Authors

Syndicate This Blog

RSS 2.0 feed

RSS 2.0 Comments

Geek Blog

On Development Teams

Amazing Code Repository Visualization (Joomla)

MySQL's Post-Oracle Future

On the Enforcability of the GPL

More Controversy: the Joomla Extensions Directory (JED) and the GPL

Simplifying Joomla Template Layouts

How to: Ubuntu PHP Remove Suhosin

Joomla 1.5.8 is... is what??

"IBM May Quit Technology Standards Bodies" WSJ Screams

In Search of an Application Framework: PHP GTK Python XULRunner

Administration

Top Exits

www.michaelgeist.ca (26)
www.ambitonline.com (15)
www.conferenceboard.ca (13)
www.joomla.org (8)
www.mozilla.org (8)
www.sculpture.net (6)
developer.mozilla.org (5)
php-gtk.eu (5)
www.mootools.net (5)
ap5l.googlecode.com (4)

Comment Submissions

All comments are moderated. If you submit comment spam, you consent to having your text edited to reflect extremely badly on the site you're attempting to promote. A spam comment is both consent and an explicit invitation to have your text edited to include insults, untruths, derogatory remarks, slurs, and so on. This consent applies even if a third party added the comment, whether or not you had any direct or indirect involvement with it. You also consent to having all communications related to any comment disclosed on this site and elsewhere.

Finally, should you choose to ignore this and undertake any action to have comments removed, you agree to compensate us and/or anyone we designate at the rate of US$2,500 per hour, in addition to any legal costs, be they reasonable or otherwise.

In short: spam at your expense and peril.

Don't Trust Salesforce.com ...

It's Fixed in the Next Release