Probably some of you reading on Twitter have seen quite numerous (re)tweets about security issues in Zenphoto. We are a little upset about the way these sites act, so we feel forced to comment on these now.
There is a website that purports to be a security advisory site: High-Tech Bridge. But from some recent postings one really has to question what their real purpose is. If you look at their site you will see lots of claimed vulnerabilities they have discovered. Look also at the services they advertise. If the other developers' experience is anything like Zenphoto's you will really have to question their motives. Especially when you consider that the site originally posts these as "preliminary", saying that they have contacted the developer ("Vendor notification: 07 April 2011"), which they never did.
High-Tech Bridge HTB22945 reports a generic problem with (...)