I have not used Trillian, and barely even know what it is...nevertheless I find the title of this article is misleading, and wanted to point it out. Look at the title. Now look at the first sentence in the article. Find a "potential" inconsistency here?

Wow... Spread the news even more than it was before.. Now more people can try to obtain access to many more people..

Besides.. I still dislike Trillian.. It's nice but is still buggy when having file transfers and other things..

"Cerulean co-founder and CEO Scott Werndorfer said the buffer-related vulnerability is of "extremely low risk." In an e-mail sent to CNET News.com on Friday, he said that attackers would need to construct an entire fake IM software client for the sole purpose of sending a malicious request to a Trillian user. That person would then have to actually accept that message request in order for the attacker to take advantage of the flaw, he said."

endquote

like many other alleged threats, this one involves user stupidity, not program flaws. The user has to accept accept a message request. so unless you know who you are talking to dont be a lamer and talk to strangers :)

if the flaw wasn't a major issue of windows then none of the apps would be experiencing it.

lets deflect blame here and point fingers at alllll the apps as they start becoming exploited through a windows bug, not an application bug.

the applications cannot create holes where holes don't exist. they simply are made using the flawed windows API

http://news.com.com/Tril...37029.html?tag=nefd.top

Thanks Viking for the link... provides a bit more explanation of the problem.

Looks like it only affects the Yahoo Messenger component?

That is correct... but the fact still remains that the flaw does expose the computer to complete, remote control.

I'm not criticizing Trillian or anyone else in my posts... I'm just saying that people need to realize and understand that it's not just Microsoft that has these issues.

It's important that we keep ALL software up to date, and it's even more important that we all learn how to protect ourselves and teach others to protect themselves rather than start going off on companies for their imperfection.

For all those anti-MS people out there that claim the biggest security flaw for IE is ActiveX and its tight integration with the OS... here's evidence that such a claim is invalid.

"The flaw involves a buffer overflow that could be exploited to gain control of a Trillian user's PC." So you see, it doesn't have to be a part of the OS in order to give user control over the PC. It can be done just fine without such integration.

But they will fix the flaw in a couple of days Not weeks or month's unlike M$ ......

Stop saying M$. It just makes you seem like an 8 year old wannabe, to fit in with the "cool crowd".

Yes however a buffer overflow in trillian does not compromise your self down to the core of the OS.

ha! .. so true

nothing wrong with Microsoft or $$$...

i wish id created a corporation like microsoft.. then i could feel bad for those who programmatically spew anti-Microsoft rhetoric trying to destroy what they could not create

That remains to be seen. They haven't released a fix, nor have they indicated timing on release of a fix, so don't make such a statement yet.

As for the other individual's rhetoric about it not being compromised down to the OS, that's obviously not true since the article clearly states that the flaw would give them remote control of the system.

The article said it would be fixed for Trillian's next release, which would be 3.2 actually. That being said, I believe it's around another month before this version actually gets released, even into Beta form.

Yes, it is every little boy's dream to create abusing monopoly, stifle innovation and force subpar products down everyone's throats.

No, it's not that... it's about creating products and services that people actually use and making a profit off those products and services. It's called capitalism.

Now let's stick to the topic please... this thread is about the security issues of Trillian, not about economic and business practices.

> it's about creating products and services that
> people actually use and making a profit off those
> products and services. It's called capitalism.

And is nothing like Microsoft's abusing monopoly.

Microsoft isn't forcing their products down anyones throats. You have a choice over everything on your computer these days.

And the products are in no-way sub-par, they're top of the line actually.

Now repeat after me: Monopoly means all the consumers have no other choice. No-other-choice.

Write it down somewhere. I dunno, a yellow post-it on top of your monitor or something.

Monopoly is a legal term and Microsoft is a convicted monopoly both in US (DoJ vs Microsoft) and in Europe (EC vs Microsoft). Don't bother repeating, it is beyond your comprehension abilities.

Just like returning to the topic of discussion for this article is beyond your comprehension.

Seriously, let it go already. You've made your point but no one else cares, because we are more concerned at this time with security in instant messenger clients like Trillian, Yahoo, etc.

Yes, great care for Trillian security must compel you to repeatedly attack one side of lengthy off topic discussion. Go play with other kids.

Ya, they don't force anything down my throat. I left IE for FireFox, OE for ThunderBird, MS Office for OpenOffice, and then think about anythign else that might be non-MS, but still pay for is mostly all free (to list a few, GIMP, NVU, FileZilla, OpenVPN, etc.)

I do not like MS, but guess they know how to make money and so far haven't seen them stop or stiffle any building for GNU and GPL lincense software :D

I think if you dont wish to discuss an issue mister 2.30 poster, dont bring it into the topic.
While any vunerability is worrying I,m glad to note that thus far this is in the realms of the "paper" hack.
I place great emphasis on the word "Potential".

I can't believe that Betanews hasn't just created a normal Forum where this crap gets redirected too. This is just silly. Same with files. people have to rate a file to make some comments. There should be the normal rating with small coments section, and a forum discussion link for blabbing and experiences and "program x is better" junk.

Cmon guys! :)

Europe said Microsoft was a "near monopoly". Even they didn't have the chutzpah to tell the biggest lie ever told in the software business.

Repeat after me ... Microsoft was not and never was a monopoly.

They don't force anything down anyone's throat. Don't use a PC if you don't like Microsoft. That simple. Or move to Linux or a Mac. Quit whining.

Or you could go program your own OS and make all the need programs ported over to your OS. GG.

Actually, half the posters in this article are blaming MS or talking about MS. Get a clue. I'm tired of listening to whiny emo's complaining about Microsoft. Quit trying to be "original" and "unique". You're in fact forcing your ill-backed opinions and accusations down MY throat.