[icq-devel] security flaw
rejetto at libero.it
Mon Apr 8 01:34:13 CEST 2002
cut&paste of a piece of my reply to the icq support team
IO> We apologize but currently such an option is unavailable.
it was not a question but a statement. icq servers let other people
know if i'm online, also in invisible mode, cause of a security flaw
in the protocol. that is, everyone is able to know if another UIN is
really online, also in invisible mode.
Of course ICQ client doesn't say it, but with other software it is
possible. But no additional software is really needed, for an advanced
user, only watch data exchanged with the server.
I hope this security flaw will be fixed, and i'm available to explain
better if you need it. Please, is an important privacy matter.
More information about the icq-devel