although it's not clear this makes a non-irc user vulnerable (most ss users hang in irc-style ss chat rooms) it still looks severe. in the meantime soulseek chief (and ex-napster developer) nir - who says he doesn't recall hearing from laurent about this exploit before - has nevertheless taken his advice and placed a character limit on the search string at the server side. this should make the network safe again without having to propagate a patch thru all the clients. nir says he'll continue to monitor.
- js.
|