0.69 is out!

0.69 is out! I urge people to upgrade. The version contain three security fixes, two of which I know have been exploited in the wild.

Installer, .zip and source.

Notice; * Removed support for generating NMDC-style file lists (old clients won’t be able to download from you)
This means that people that are using 0.306 and earlier versions will not be able to download from you and you will not be able to download from them. Convince them to upgrade their version if you come across someone using those versions.

The ‘Added option for masked password prompt’ that I added, will not actually mask the password when you send over the network. Atleast not in NMDC hubs. That is, it’s perfectly visible if someone else is using eg Ethereal. On ADC is this not possible because of the nature of ADC. In ADC, data is sent from the hub to the user, the user then uses the Tiger algorithm to encode the CID (of the user), followed by the password and then the data. And until the Tiger algorithm is broken, it is not possible to reverse engineer the password.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: