0.69 is out!
May 22, 2006 Leave a comment
0.69 is out! I urge people to upgrade. The version contain three security fixes, two of which I know have been exploited in the wild.
Notice; * Removed support for generating NMDC-style file lists (old clients won’t be able to download from you)
This means that people that are using 0.306 and earlier versions will not be able to download from you and you will not be able to download from them. Convince them to upgrade their version if you come across someone using those versions.
The ‘Added option for masked password prompt’ that I added, will not actually mask the password when you send over the network. Atleast not in NMDC hubs. That is, it’s perfectly visible if someone else is using eg Ethereal. On ADC is this not possible because of the nature of ADC. In ADC, data is sent from the hub to the user, the user then uses the Tiger algorithm to encode the CID (of the user), followed by the password and then the data. And until the Tiger algorithm is broken, it is not possible to reverse engineer the password.