[JDEV] MSNP8 Security Enhancement
harmeet_im at kodemuse.com
harmeet_im at kodemuse.com
Thu Sep 11 19:32:53 CDT 2003
Sorry about changing topic on threas,
----- Original Message -----
From: Tijl Houtbeckers <thoutbeckers at splendo.com>
Sent: Sep 12, 2:11 AM
> Matthias Wimmer <m at tthias.net> wrote on 12-9-2003 1:21:10:
> >
> >Hi Andrew!
> >
> >Andrew Sayers schrieb am 2003-09-11 15:31:27:
> >> > Note: Protocol change in MSN is due some security issues, AFAIK.
> >> For the record, MS claim there is a security weakness in older
> >> versions of the protocol, which they haven't disclosed. I assume
> >> they'll tell us about it once it's no longer a live issue.
> >
> >I am not really sure if there is a real security problem in the old
> >protocol. But we'll see if they tell us about a real one after it has
> >been shut down.
>
> Well it depends on how you look at it. Microsoft wants people to
> upgrade to a version of the protocol that uses SSL, so they when they
> choose they can start depending on client-side SSL certificates to know
> who their users are. Since you can't do that with the old protocol from
> that perspective you could call it "insecure".
>
> --
> Tijl Houtbeckers
> Software Engineer @ Splendo
> The Netherlands
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev
More information about the JDev
mailing list