[geek_at]

don't forget they had terrible security even for the time. In their client you could do text customizations like bold, italic, etc. and they did it by just sending HTML over the wire.

This meant that if you used a custom client (which they didn't allow), you could just send HTML which got evaluated so you could force users to download stuff or send HTML forms or iframes

When this became semi public (in hacker circles) they went after the people talking about it with legal action instead of fixing their stuff

[richarme]

Eww, I wasn't even aware of that. I thought the filename UI issue was actually kind of a subtle fail and I was proud to find it, but that one is terrible.

Here's another blast from the past.. List of ICQ exploits on neworder.box.sk, the website I learned my first 1337 h4xx0r skills from: https://web.archive.org/web/20040829081726/http://neworder.b...