[icq-devel] client-client version 6/7 ack?
skyerat at hotmail.com
Mon Feb 4 07:14:32 CET 2002
>Excuse my version of what you wanted to tell me by "find the exploit", but
>im taking it in a kiddie and funless way, why would i want an exploit if
>by making the information publicly available i can code my own?.
I believe he meant that you should find the security hole yourself. Not that
you should find an example exploit.
>I see no reason but fear to a huge company for not posting up the
Here's a reason: they want to protect their customers. The've released new
versions of their clients with the bug fixed. They've made changes to their
server to prevent attacks routed through the server. However, they can't do
anything to protect people from a client-to-client attack if they haven't
upgraded. By not making the information public they can hopefully limit the
number of attacks until everyone has had a chance to upgrade.
This is not a coverup. Everyone knows the hole exists and all reasonable
steps have been taken to secure it. It seems fair enough to me.
MSN Photos is the easiest way to share and print your photos:
More information about the icq-devel