[Adium-devl] Security Hole? Fwd: Adium Query
Augie Fackler
durin at sbcglobal.net
Fri Feb 3 12:09:48 UTC 2006
Any objections to me forwarding this to Keith and asking him if he
can think of anything in particular we should be looking for?
Augie
On Feb 3, 2006, at 5:00 AM, David Smith wrote:
> I just received the following email. It seems like a fairly major
> hole, if true. http://trac.adiumx.com/ticket/2952 was filed about it.
>
> David
>
> Begin forwarded message:
>
>> Recently whilst running the latest version of adium a friend of
>> mine was
>> able to do a massinvite, whereby all my private contacts where
>> forced into a
>> multi-user chat. I was told he used tirllian to do this.
>
> The original description on the ticket:
>
> Was in a group chat with 2 friends who are authorised contacts. One
> of which executed a mass invite (somehow) at which point a good
> majority of my contacts were forced into the same multiuser chat.
> From chatting with 2 people, it ended up a chat environment with 35
> odd clients.
>
> I WAS LIKE OMFG!...... Apparantely the code was executed using a
> trillian plugin???????
>
>
>
>
> _______________________________________________
> Adium-devl mailing list
> Adium-devl at adiumx.com
> http://adiumx.com/mailman/listinfo/adium-devl_adiumx.com
More information about the devel
mailing list