---------------------------------------------------------
From: STARBASE-21
Sent: Wednesday, August 15, 2001 7:07 PM
To: Merchant Coders; Merchant-Users@Miva. Com; Miva-Users
Subject: [meu] OPENUI SECURITY ISSUE - CREDITS!
---------------------------------------------------------

If you haven't yet updated your OpenUI, you need to do so immediately.  For
more information check out our site at http://miva.starbase21.com/, the News
story on the front page will give you more information.

Now that things have settled down a bit, I wanted to personnally thank those
that played an important role in finding and fixing this security hole:

1. Ivo Truxa -- http://mivo.truxoft.com/

Ivo is our resident security expert.  He has been personally responsible for
many of the fixes that have been released by Miva (as well as ourselves)
over the past couple of years.  Ivo is a resident of the Miva Script Users
list and has just recently started making an appearance on the Merchant
Users list.

Ivo was directly responsible for causing me to review the code in the OpenUI
for security holes.  Without him, this fix might not have occurred until
AFTER a break-in.

* For those of you that have clients that insist on having credit card
information emailed, Ivo is about to release his MmPGP package, which will
do just that.  It will be available shortly in the STARBASE-21, Inc. store
(as well as other of your favorite resellers).

2. Levi Corcoran -- http://miva.starbase21.com/

Levi worked with me all weekend to get the hole fixed, to make sure there
were no other holes and to build and test different OpenUI trial releases.
The hole was related to some performance enhancing code that was added to
the OpenUI.  We had to find a way to close the hole, yet not impact
performance.  Without Levi's help, we wouldn't have been able to get it out
as quickly.

Again, I personally urge ANYONE running an earlier version of the OpenUI to
upgrade immediately.  The upgrade should be painless and should not impact
any of your data or existing modules.  This is the power of the OpenUI,
allowing updates/upgrades/etc with little or no impact on your store
customizations.  The OpenUI does for the MMUI what Merchant did for shopping
carts......modularization.

Thanks for your time.

Darren Ehlers, CEO
STARBASE-21, Inc. -- http://miva.starbase21.com/