[2] [JDEV] Yahoo forcing users to upgrade their client ...
Tijl Houtbeckers
thoutbeckers at splendo.com
Thu Sep 11 19:11:23 CDT 2003
Matthias Wimmer <m at tthias.net> wrote on 12-9-2003 1:21:10:
>
>Hi Andrew!
>
>Andrew Sayers schrieb am 2003-09-11 15:31:27:
>> > Note: Protocol change in MSN is due some security issues, AFAIK.
>> For the record, MS claim there is a security weakness in older
>> versions of the protocol, which they haven't disclosed. I assume
>> they'll tell us about it once it's no longer a live issue.
>
>I am not really sure if there is a real security problem in the old
>protocol. But we'll see if they tell us about a real one after it has
>been shut down.
Well it depends on how you look at it. Microsoft wants people to
upgrade to a version of the protocol that uses SSL, so they when they
choose they can start depending on client-side SSL certificates to know
who their users are. Since you can't do that with the old protocol from
that perspective you could call it "insecure".
--
Tijl Houtbeckers
Software Engineer @ Splendo
The Netherlands
More information about the JDev
mailing list