Cerulean Studios Team!! Trillian Blogs!
The official blog of Cerulean Studios, LLC.

Trillian 3.1.7.0.

In response to the URI security vulnerability released this week, we have updated Trillian 3 to 3.1.7.0.  Auto-update should be firing for existing users, and you can use our download page to grab a full installer if you are so inclined. We recommend that all existing Trillian 3.x customers download this latest upgrade.

As a result, there will be no Astra build this week.  You can thank the three geniuses behind the vulnerability report for their professionalism (read: none) in reporting this vulnerability to the vendor before public disclosure. To the rest of #hack: we’re happy to responsibly fix vulnerabilities as they’re found, but would appreciate some advance notice.

Lastly, we’ll be making a trip to the datacenter early next week – all existing Astra testers are hereby advised of possible downtime.  We’ve posted more information for those who are interested on our forums.

Thanks everyone, and have a great weekend.

24 Responses to “Trillian 3.1.7.0.”

  1. SNCF Says:

    Thanks for tips… enjoy weekend too!

    Laurent
    http://www.horaires-sncf.fr

  2. [Notice] Trillian 3.1.5.0 released - Supernature-Forum - das Wohlfühlboard Says:

    [...] Trillian 3.1.7.0 released Regards, Wolfi "Living IT support is spreading knowledge to create success"©® [...]

  3. Qudeid Says:

    Since updating Trillian I can’t drag-drop files to anyone anymore… I must use the “Sendfile” command.
    It worked without problems just a minute ago. Maybe something in the Update?

  4. rewt2 Says:

    you know what, I think you guys spend more time with creating new images for trillian astra (adding an iphone or stuff like that) or searching for a friday-blog-post to calm down some people that there is no build today because you did nothing. you started this iphone thing, instead of finishing something you already started. I think there are a lot of other good programmers that could help to complete your projects, maybe you should let them join your team? you must admit that this astra story is taking too long… (sorry for my bad english)

  5. [SSD] Security & Development Blog » Trillian 3.1.7.0 fixes critical vulnerability Says:

    [...] Trillian Blogs (Trillian 3.1.7.0) http://blog.ceruleanstudios.com/?p=170 [...]

  6. dageekkid Says:

    I do not understand the “non professionalism…” I think that EVERY app developer has the MS view of the world… “Write crappy apps and hope the users will test them for you…”

    …You cannot blame the exploit, except that good programming was not performed here, Hopefully Astra will not be like that. Also, I am not implying the fact that Trillian is a crappy app… Just that the development needs to be more rigorously tested… Also, the bug report is just hideous.

    …It seems that everyone loves to blame someone else for bad coding…

  7. maunic Says:

    rewt … just because they didn’t release anything today does not mean they were all on vacation all week. There is plenty of backend work to be done as well. Your post really is rather insulting to a very small group of developers that work very hard on this Program. They can’t just go out and hire a bunch more developers … they have a budget to stay within more than likely.

    dageekkid … you do realize the exploit affects AIM too right? So a huge company like AOL with all their thousands of employees didn’t see it … and this doesn’t matter? This does not automatically mean they are guilty of bad coding.

    You guys and your extremely negative posts are just so demeaning. Why can’t you just not be so pessimistic about everything?

  8. mgsterling Says:

    Thanks for the quick update, everyone. Much appreciated here on the homefront.

  9. Qudeid Says:

    Maunic: You’re right… Also, it doesn’t solve my problem. Has anyone the same problem? If not, then something is wrong here.

  10. avianwaves Says:

    The three h4ck0rz and dageekkid don’t get it. I would bet any amount of money that they could not write an application as complicated as Trillian without bugs and potential security exploits. It’s simply not possible. Acting all high and mighty and blaming it on “poor coding” shows how naive they are. Maybe when they grow up they’ll realize how much less damaging it is FOR THE USERS (not the company) to responsibly disclose vulnerabilities so a patch can be distributed before the exploit is released. Releasing examples before the patch to the vast hordes of script kiddies with no morals and plenty of time on their hands to do destruction to innocent third parties is NOT responsible!

    Side note: what was being exploited can easily be greatly mitigated, however, by not running as an administrator. Although other avenues of damage are possible with that exploit and a tiny bit of imagination, the given examples won’t work (standard users cannot write to the all-users startup folder by default). Keep that in mind, everyone. You don’t need Vista to not run as an admin.

  11. smw Says:

    To be clear – security vulnerabilities and programming mistakes are absolutely inevitable in any project of reasonable size. We understand this, and that’s why we place high priority on fixing things when they *are* reported.

    My snarky comment was only in reference to the fact that these particular security researchers chose not to contact us before disclosing the vulnerabilities they discovered. I am in no way suggesting that bugs or vulnerabilities in Trillian are anyone’s fault but our own; we take full responsibility for our mistakes.

    At the end of the day, avianwaves nailed the ultimate problem here – user protection. It does users absolutely no good when exploits are released prior to vendor patches, and we frankly expect more from folks in the security industry.

    I hope this clears up our point of view.

  12. pobz Says:

    Just did the auto update, got a handful of errors and now Trillian won’t connect to anything. Great… ;-(

  13. pobz Says:

    OK, it seems that the recent update clears all the connection settings.

  14. LPetersson Says:

    I did the auto update last night and since that Trillian won’t connect to MSN :’(

  15. pobz Says:

    Yea, that’s the sum of it LPetersson. This update is not good at all. Should have been warned that your connection settings will be lost. Poor show guys. I am now back to using an old version, and will not update in future.

  16. maunic Says:

    pobz … that is pretty sad, now you will never have updated security to fix issues. I hope someone exploits your system for that attitude. While it is unfortunate, re-adding your accounts brings them back fully with all your old settings (as they really are still there) but oh well.

  17. rabbitinpumpkin Says:

    Speaking as someone who supports very complicated/data-centric software and who has wanted to tell people to RTM (read the manual), you have to understand that no matter how many people you have you’ve got something called WORKFLOW. When you get slapped with something big that’s an urgent priority, then you DROP everything. Then when you go back to what you were doing before it takes awhile to get back into that focus. Also, no code is perfect because programmers are almost never left alone to actually fix, repair, rewrite, or revamp code. Why? Here are two poles. 1.) Code stability and 2.) Enhancements. Programmers and developers and even support people are stuck between the push and pull of these elements. Usually by our customers… ;-) Your team rocks. I don’t know of any other project that delivers a polished well envisioned high quality product again and again by so few and very under appreciated. You’re like the mothers of the software world, minus mother’s day cards!

  18. News from Future - Deine Hard- und Softwarenews Says:

    Trillian 3.1.7.0 released

  19. ken@ishere.com Says:

    Crashes on XP constantly. I’m afraid to install it on Vista. I’ve moved back to Windows Live, at least it works.

  20. DiamondNRG Says:

    ken@ … did you bother posting your crash dump files to the forums to see if perhaps someone could help you out? It is probably something simple and easy to fix. No need to run away from it without even trying.

  21. eatabeach Says:

    UNSTABLE, likes to not display the contact every now and then. Seems to happen when connected to the network via VPN.

  22. paramoteur Says:

    Useful!! Thanks much for tips.

  23. Gordonii hoodia plus Says:

    Thanks

  24. nick4sooz Says:

    interesting tips !

    jeans
