Cerulean Studios on Monday released a "highly critical" security update for its Trillian multi-protocol chat software.
Attackers could exploit vulnerabilities in the character encoding for Trillian 3.1.5.1--specifically, the word-wrapping handling of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Web pages, iDefense Labs warned in its security advisory. The vulnerabilities potentially could affect earlier versions of the Trillian software as well, iDefense said.
Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, and Internet-relay chat and ICQ ("I seek you") instant-messaging protocols, could be exploited if users view a malicious message containing an unusually long UTF-8 string. Attackers could then potentially launch a buffer overflow and remotely gain control of a user's system, according to Secunia, which rates the security flaws as "highly critical."
Cerulean Studios has released an update, version 3.1.6.0, to Trillian. iDefense noted that while it identified the MSN protocol as a potential attack vector for the vulnerabilities, other supported protocols may be vulnerable.
Being an everyday user of trillian I do appreciate somebody mentioning there is a potential major security flaw. Now if my trillian doesn't auto update I can take care of it myself. Thank you CNet for the heads up.
Hilarious and true...Flaw denial is rampant here...I actually saw one person say that a patch to one particular system should be referred to as "an improvement"
Leaving out important details to create as much fear as possible is not okay.
This article is yet another example of reporting a threat and omitting any information that might indicate who is really vulnerable. What operating systems are affected? We can only assume from C/net's reporting history that this doesn't affect Macs, because if it did, Macs would be specifically and prominently mentioned. We can also assume that it affects several versions of Windows, but probably not Linux or other Unix like systems.
By leaving out information on affected operating systems, C/net creates the false impression that everyone is vulnerable to every security flaw in every application, no matter what OS they're using.
In order to celebrate Valentine's Day, a survey asks Americans what they would give up in order to telecommute. Five percent say "spouse," while 12 percent say "daily shower."
There is much outpouring from stars on Twitter at the death of Whitney Houston. Moreover, Houston-related themes dominate the site's top 10 trends. At least in the U.S.
The Web fulminates when it is revealed that executives from VEVO--vehement music industry antipirates--played a pirated stream of an NFL playoff game at a party. VEVO claims it left its Wi-Fi unsupervised. Have we heard that argument before?
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
A man's dream toy, a weapon-wielding remote-controlled toy spider, nets nearly half a million hits on YouTube in one day. Will it live up to the hype once it's released?
happens to Trillian, they jump all over it and point out it's flaws!
It's almost like their bias against Windows Vista AND Mac OS X...
I hope somebody found the sarcasm in this post.
is not okay.
This article is yet another example of reporting a threat and
omitting any information that might indicate who is really
vulnerable. What operating systems are affected? We can only
assume from C/net's reporting history that this doesn't affect
Macs, because if it did, Macs would be specifically and
prominently mentioned. We can also assume that it affects
several versions of Windows, but probably not Linux or other
Unix like systems.
By leaving out information on affected operating systems, C/net
creates the false impression that everyone is vulnerable to every
security flaw in every application, no matter what OS they're
using.
"
Nicso - <a class="jive-link-external" href="http://www.lyricsrec.com/lyrics/billy-joel/index.php" target="_newWindow">http://www.lyricsrec.com/lyrics/billy-joel/index.php</a>
<a class="jive-link-external" href="http://www.lyricsrec.com/lyrics/brandy/index.php" target="_newWindow">http://www.lyricsrec.com/lyrics/brandy/index.php</a>