[icq-devel] client-client version 6/7 ack?

Zoe Smale skyerat at hotmail.com
Mon Feb 4 07:14:32 CET 2002

>Excuse my version of what you wanted to tell me by "find the exploit", but
>I'm taking it in a kiddie and funless way, why would I want an exploit if
>by making the information publicly available I can code my own?

I believe he meant that you should find the security hole yourself. Not that 
you should find an example exploit.

>I see no reason but fear to a huge company for not posting up the
>information.

Here's a reason: they want to protect their customers. They've released new 
versions of their clients with the bug fixed. They've made changes to their 
server to prevent attacks routed through the server. However, they can't do 
anything to protect people from a client-to-client attack if they haven't 
upgraded. By not making the information public they can hopefully limit the 
number of attacks until everyone has had a chance to upgrade.

This is not a coverup. Everyone knows the hole exists and all reasonable 
steps have been taken to secure it. It seems fair enough to me.


