Shareaza: "don't play with IE"
Tags developers, internet explorer, security, shit-code
A short story about Infernet Exploiter usage in popular P2P app "Shareaza".
It was last summer, when SourceForge wasn't so bad and I was always sitting and helping on their channel @ freenode, and, also, I was a windowz user.
Persons:
_AnywhereIs_: me
Ryo-oh-ki: Shareaza developer
Local time: GMT+06 (in DST)
Channel: #sourceforge
Place: IRC.FreeNode.net
Date: June 13-14, 2009
--------
16:34:18 <_AnywhereIs_> Ryo-oh-ki yore developer of shareaza?
17:01:40 <Ryo-oh-ki> yes, my login is "raspopov"
17:09:34 <_AnywhereIs_> i just wanted to report a... a bug that shareaza is hard-bounded to IE and when i try to connect Gnutella network it fails when IE is disabled(i disable it setting up proxy at 127.0.0.1 where there is no actual proxy exist). it connects ok when i reset ie settings to direct connection and launch shareaza again. it's a bug i believe. using 2.4, winserv 2003, can send out a video showing this bug in work.
17:10:02 <_AnywhereIs_> no software should depend on ie engine.
17:25:59 <Ryo-oh-ki> _AnywhereIs_, Shareaza is windows addict application and IE using is advantage. But Gnutella 2 sybsystem don't depends on IE so you probably broke something else.
17:26:44 <_AnywhereIs_> well i can send video.
17:26:53 <_AnywhereIs_> which i will record right now
18:31:11 <Ryo-oh-ki> btw you cant disable IE by setting wrong proxy you just cut all windows apps and windows itself from internet and for example from Windows Update site
02:07:27 <_AnywhereIs_> Ryo-oh-ki would you fix that issue with shareaza?
02:09:59 <Ryo-oh-ki> ist requires no fixing
02:33:30 <Ryo-oh-ki> _AnywhereIs_, dont play with IE
--------
Few more notes, from today.
I just fetched 2.5.2.0(latest on sf.net) in my virtualbox where I run winxp sp2 when required, and it refused me in installation, complaining about I am not administrator. Why the hell should I be an administrator? I work under user account there. One more reason not to use this piece of software.
The bug with IE binding still wasn't fixed. It still gets hub list using IE engine.
I suggest everyone, who develops window$ apps to read one good book: "Writing Secure Code" from M$ by M.Howard and D.LeBlank. Though it contains abusing of "hacker" word, I can say it teached me many tricks in securing applications and coding them the secure way. Not related to specific platform even.
The general rule here is "Don't abuse privileges. Try to make your application available for installation in almost any environment".
It was last summer, when SourceForge wasn't so bad and I was always sitting and helping on their channel @ freenode, and, also, I was a windowz user.
Persons:
_AnywhereIs_: me
Ryo-oh-ki: Shareaza developer
Local time: GMT+06 (in DST)
Channel: #sourceforge
Place: IRC.FreeNode.net
Date: June 13-14, 2009
--------
16:34:18 <_AnywhereIs_> Ryo-oh-ki yore developer of shareaza?
17:01:40 <Ryo-oh-ki> yes, my login is "raspopov"
17:09:34 <_AnywhereIs_> i just wanted to report a... a bug that shareaza is hard-bounded to IE and when i try to connect Gnutella network it fails when IE is disabled(i disable it setting up proxy at 127.0.0.1 where there is no actual proxy exist). it connects ok when i reset ie settings to direct connection and launch shareaza again. it's a bug i believe. using 2.4, winserv 2003, can send out a video showing this bug in work.
17:10:02 <_AnywhereIs_> no software should depend on ie engine.
17:25:59 <Ryo-oh-ki> _AnywhereIs_, Shareaza is windows addict application and IE using is advantage. But Gnutella 2 sybsystem don't depends on IE so you probably broke something else.
17:26:44 <_AnywhereIs_> well i can send video.
17:26:53 <_AnywhereIs_> which i will record right now
18:31:11 <Ryo-oh-ki> btw you cant disable IE by setting wrong proxy you just cut all windows apps and windows itself from internet and for example from Windows Update site
02:07:27 <_AnywhereIs_> Ryo-oh-ki would you fix that issue with shareaza?
02:09:59 <Ryo-oh-ki> ist requires no fixing
02:33:30 <Ryo-oh-ki> _AnywhereIs_, dont play with IE
--------
Few more notes, from today.
I just fetched 2.5.2.0(latest on sf.net) in my virtualbox where I run winxp sp2 when required, and it refused me in installation, complaining about I am not administrator. Why the hell should I be an administrator? I work under user account there. One more reason not to use this piece of software.
The bug with IE binding still wasn't fixed. It still gets hub list using IE engine.
I suggest everyone, who develops window$ apps to read one good book: "Writing Secure Code" from M$ by M.Howard and D.LeBlank. Though it contains abusing of "hacker" word, I can say it teached me many tricks in securing applications and coding them the secure way. Not related to specific platform even.
The general rule here is "Don't abuse privileges. Try to make your application available for installation in almost any environment".
Total Comments 0
