-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to argue this point. I posted the original post to vuln-dev in September. It took them 4 MONTHS to fix the hole and all they had to do was add a filter to their server. IMHO this is pathetic microsoftesque (like that word folks? I bet J Dyson does,) behavior. Considering that an IM could give up total control of your computer and it took them 4 months to add the equivalent of a firewall ACL, I find this behavior nauseating.

Cheers,
Leon

- -----Original Message-----
From: dewt [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 2:30 PM
To: Dan Trainor; [EMAIL PROTECTED]
Subject: Re: another little IM problem...

On Friday 04 January 2002 03:34 pm, Dan Trainor wrote:
> Does this alarm anyone else? How will AOL fix this problem without
> making users download any patches / fixes? Are they going to
> install it themselves? If so, if they can fix this problem by
> installing a fix on to your machine, what's stopping a malicious
> user from installing something else on your machine?
>
> If I am misunderstanding how this latest vulnerability works, I do
> apologize for this "junk" mail. :)
>
>
> -dt

They fixed the issue on their servers, so clients don't need to update, although there will likely be a client-side solution for the issue in their next release. They also fixed the issue in about a day, which is very very fast for closed source products.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPD2t1dqAgf0xoaEuEQIkQwCeOVwes+A4catJQfg0zDySxmY6JQ4AoIEl
cDGt59gCJtRM0BahzJPgGAx3
=eH+4
-----END PGP SIGNATURE-----