[icq-devel] client-client version 6/7 ack?



rad2k rad2k at mail.ru
Mon Feb 4 23:30:32 CET 2002


Zoe, List,
        I'm sorry if by mailing my reply to the list, I made you all 
download some kind
of an offensive mail which actually was/is just ment to be a reply to 
Daniel Tan.

in reply to you Zoe,

> I believe he meant that you should find the security hole yourself. 
> Not that you should find an example exploit. 

I see no FUN in re-inventing the wheel as i previously said. And ill ask 
Daniel to excuse
my version of 'find the exploit' for a second time then.

And using the following statement Zoe wrote, ill reply to you all who think
the very same way:

> Here's a reason: they want to protect their customers. The've released 
> new versions of their clients with the bug fixed. They've made changes 
> to their server to prevent attacks routed through the server. However, 
> they can't do anything to protect people from a client-to-client 
> attack if they haven't upgraded. By not making the information public 
> they can hopefully limit the number of attacks until everyone has had 
> a chance to upgrade.
> This is not a coverup. Everyone knows the hole exists and all 
> reasonable steps have been taken to secure it. It seems fair enough to 
> me. 

I see nothing here but common procedure for a company/individual who's 
product
had to be upgraded due to a bug finding. This is the same for everything 
such as hughly
used programs all over the world including ftp servers ..well, anything.

What i do NOT get, is the point of hiding the information from icq 
developers who
are suscribed to an ICQ devel list where reversed-information of the 
protocol is discussed,
delivered and implemented. I see no difference between making the bug 
information
publicly available and writing a forbidden icq client. Im speaking in 
terms of -law-,
even more, the second thing sounds more serious than just showing 
everyone what your
legally downloaded product brought along (a bug heh).

Well yes, lets be pitty and have mercy for Mirabilis, the company which 
spams our
mail, stores our icq numbers, makes millions out of our -tired of 
looking at advertisements-
eyes and etc, etc, etc..

Damn well im sorry if im being too violent here but had a bad day and the
weather over Buenos Aires is pretty sucking, its just my point of view 
and a nice
thread where to spend some time on discussion.

regards,

rad2k
+


>
>
> Regards
> Zoe
>
>
> _________________________________________________________________
> MSN Photos is the easiest way to share and print your photos: 
> http://photos.msn.com/support/worldwide.aspx
>
> -------------------------------------------------
> icq-devel - The forum for ICQ protocol discussion
> For unsubscribe and other mailing list info, see:
> http://www.d.kth.se/~d95-mih/icq/icq-devel/
>
>
>






More information about the icq-devel mailing list