| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Feb 2009 23:16:42 -0500 From: "sr." <staticrez@...il.com> To: Valdis.Kletnieks@...edu Cc: full-disclosure@...ts.grok.org.uk Subject: Re: ICQ 6 protocol bug? oh....this reminds of the days subseven would send ICQ pager alerts....ahh...the gold 'ol days..... On Sat, Feb 14, 2009 at 4:49 PM, <Valdis.Kletnieks@...edu> wrote: > On Sat, 14 Feb 2009 23:26:48 +0200, James Matthews said: > >> ICQ is known to have a few remote bugs. I use meebo.com instead of a client >> due to these issues. > > At which point you're probably trading known bugs for unknown bugs. ;) > > Of course, this is a battle the user can't win. The other option is to > toss the proprietary ICQ client and use some other open-source client like > Pidgin - at which point you're trading known ICQ bugs for unknown Pidgin bugs. > At that point, your best bet is to consider 2 things: > > 1) What client am I most likely to see actual attacks against? > 2) What client am I the most worried about attacks? > > (Note the two don't have to be the same - widespread ICQ attacks may be more > common, but maybe you worry more about getting hit with a Pidgin attack because > it possibly means you're being targeted....) > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists