Yesturday I went to a small local Star Trek convention.
After the convention was over, while I waited outside the building
for my ride home, I noticed one of the managers of the Star Trek
fan club (the israeli one ofcourse) standing close and talking
with another person. That person is working at Mirabilis. I had afew
questions for him, but I always forgot to ask. Fortunatly, the moment
that I looked at them that person gave the other guy his buisness card,
which had the ICQ logo on it. This reminded me about my questions,
so I proceded to ask.
You might be intrested in his responses.. here is what I remember:
1)He knows about mICQ. Not only that, he also claims that it was
one of the company programmers who have created it out of bordom.
I'm not really sure that he really knows mICQ..
2)He did not believe that it was possible to add a user without
even receiving a notification. I said that if a proof he wants,
I cant carry my 486 to the next Con, boot DOS and show him.
He then said that even if this is possible, it is nothing to
worry about. So what if people will see when you are connected?
they cant do anything harmfull.
I then noted that it will be possible for them to get the user's
IP much more comfortably. He then claimed that it is not an issue,
since its easy to do the same thing with other services. For example
sites which automaticly nuke people who enter them, or extracting
IPs via IRC. ICQ is just another feature. I then claimed that
a software such as this, which is concidered to be a "standard"
should be protected. Even such a small patching will be better from
not doing anything at all. He said that this is not important.
His suggestion: if someone add you without you wanting him to,
just place an "Ignore" and everything will be fine. If that wouldnt
work (if he added you for the IP), login as Invisible, or change
your UIN. You can easily move the database to the new UIN.
3)Regarding the claims that people get their computer breached by
crackers that are using holes in ICQ, he claim that it is not true,
and that there is no such holes. These people do not get cracked via
ICQ, the cracker is just using ICQ to know if they are on-line,
and get their IP, and then use a totaly diffrant software or method
to break in.
By the way, he mentioned that in the case that I am intrested,
the new ICQ 2000 will not have a "last IP" address in the user info.
When I asked about the rest of the people with the "older" clients,
he said that they just need to upgrade. nothing serious.
4)regarding why does it take so long for messages to be send trough,
(I gave him an example of a friend of mine that we both know,
who have once received a message from his girlfriend about a date
they're planning.. a month after she dumped him.), he explained that
sometimes the servers just cant handle the huge amount of off-line
messages people send. I think he is correct on that one.
5)Regarding why not put all the protections at the server instead
of at the hands of the client, where it can be bypassed by a simple
patch or even a HEX editor, he claimed that it does not matter since
people will always break the protection, no matter what they'll do.
At that time my ride have arrived, and I had to leave. Which is kind
of pitty since I also wanted to ask about ICQ for X-Windows, 3.11,
and Java. I also had other questions which I do not remember at
the moment.. oh well. These will have to wait for next time. :)
Comments?
Or Botton
[EMAIL PROTECTED]
- "Truth is stranger than fiction, because fiction has to make sense."
-----------------------------
http://members.xoom.com/dsdp/
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
