quote:
Originally posted by riahc4
Are you some drugs?
Plus! doesnt communicate with the Messenger service at all. All of its communications are offline except the update feature (and if you ware paranoid you can turn it off and update manually) and the mail feature (which out of the box isnt used)
I'm sorry if I mis-worded my original post - what I meant was as long as Plus! communicates with outside sources, it is vulnerable. I didn't mean that Plus! communicates with the messenger service, I simply stated it as an external source from which user input could come from. From what I can figure, the Plus! application parses other users' names for formatting tags (colours, bold, etc). This means that the parsing code is subject to user input and should be considered as a potential target for exploits. It is unlikely that the parsing algorithm contains any vulnerable code, but it is not impossible.
Furthermore, this doesn't change the fact that the update feature is enabled by default and your average layman wouldn't see any reason to turn it off. It could be exploited, but generally isn't.
The entire point of this topic was
NOT to discuss possible security flaws in the application's communications model but to alter the FAQ to more accurately reflect the realities of software security.
quote:
Originally posted by Voldemort
Not all, what about the sounds!??!?!
Unless I am mistaken, only the Plus! server receives these, and it then forwards them to the target client. It is simply another avenue that is a possible target for exploits.
quote:
Originally posted by Voldemort
OH SHAWNZ YOU FOUND ANOTHER MICROSOFT FANBOY!
Firstly, comments like this are counter-productive and somewhat childish. Secondly, the last time I checked referencing a person's mannerisms wasn't considered a reason to be labelled a 'fanboy'. Yes, I primarily use Windows, along with most home computer users in the world. Anyway, I'm not getting into a flame-war with you. Either contribute something useful or leave this thread alone.
