Girlfriend Discovers a DoS Vulnerability in Gaim

It will probably be hard for you to believe, but my girlfriend discovered a DoS vulnerability in Gaim. No, don’t worry. She is not a computer geek (one in a relationship is certainly enough). The story of my girlfriend’s important discovery goes like this:

I was chatting with her some days ago using Gaim (she uses MS Messenger). At some point, she sent me the following attack vector:

:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(

As she deeply disliked something I had said to her …

Gaim replaced each “:(” with a sad animated 🙁 emoticon. For some mysterious reason, a few dozen sad emoticons made Gaim choke. CPU usage was at 100% and the system felt highly unresponsive. It was impossible to use Gaim at all.

Luckily, I was able to kill Gaim from the command line. I started it again hoping for the best; however, when I opened the chat window again, the attack vector was still there (retrieved from the logs) and Gaim choked yet again. I had to manually remove the last few lines from the log files so I’d be able to speak with her again.

To make a long story short, my girlfriend is now happy again.

Note: This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this.

Clarification: For some reason, some people consider this to be a chauvinistic post. My girlfriend is a very intelligent person; she is not interested in software security. We were both surprised that she unintentionally discovered this. That’s it.

P.S.: The first paragraph of this post was written by her. She said it will help it to “do well on digg”.
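A defensive sketch of the failure described above, added here as an example and not taken from Gaim's code: the post does not identify the root cause, so this assumes only that rendering cost grows with the number of animated images, and bounds that number per message. `render_smileys`, `MAX_ANIMATED` and the `<img id="sad">` tag are hypothetical names; the same cap would need to apply to lines replayed from the chat log, since that is how the message re-triggered the hang after a restart.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ANIMATED 20   /* assumed per-message budget, not a Gaim setting */

/* Replace ":(" with a hypothetical image tag until `budget` is spent; the
 * rest stays plain text. Returns the number of images emitted, or -1 if
 * `out` is too small. HTML-escaping of the text is out of scope here. */
int render_smileys(const char *msg, char *out, size_t outsz, int budget)
{
    static const char tag[] = "<img id=\"sad\">";
    const size_t taglen = sizeof tag - 1;
    size_t o = 0;
    int images = 0;

    if (outsz == 0) return -1;
    while (*msg) {
        if (msg[0] == ':' && msg[1] == '(' && images < budget) {
            if (o + taglen >= outsz) return -1;   /* keep room for NUL */
            memcpy(out + o, tag, taglen);
            o += taglen; images++; msg += 2;
        } else {
            if (o + 1 >= outsz) return -1;
            out[o++] = *msg++;
        }
    }
    out[o] = '\0';
    return images;
}

static char demo_out[8192];

/* Constructed input: n copies of ":(" (n is clamped to 500). */
int demo_flood(int n, int budget)
{
    char msg[1024] = "";
    for (int i = 0; i < n && i < 500; i++) strcat(msg, ":(");
    return render_smileys(msg, demo_out, sizeof demo_out, budget);
}

int main(void)
{
    int images = demo_flood(170, MAX_ANIMATED);
    printf("%d animated, %zu bytes of markup\n", images, strlen(demo_out));
    return 0;
}
```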


66 Responses to Girlfriend Discovers a DoS Vulnerability in Gaim

  1. Pingback: MILITANTPLATYPUS » Blog Archive » Monday Morning News

  2. Abel Cheung says:

    Not entirely equivalent, but I’ve experienced a similar issue with a gaim plugin as well: gaim-festival, which turns IM text into speech and speaks it out. My colleagues make fun of it, and send me messages like: “hihihihihihihihihihihihihihihihihi…”. At first it’s really funny to see the sound deteriorate with the sheer length of the message, but that managed to crash my gaim once later. I never turned it on again.

  3. Mike Darnell says:

    Give me enough unhappy smileys and a point of access and I’ll shut down the web.
    : )

  4. monkeys_suck says:

    I hope you die.

    Seriously.

    Don’t turn everything into something sexist. Go get hit by a bus, eat a bullet, just do something to leave this world.

  5. Ben Dover says:

    You need to get rid of all your revolt and negativity brother. Lighten up and don’t be so constipated, you’ll feel a lot better and the whole world around you will SMILE.

  6. Dave says:

    Um… I seem to be missing the part where the “DoS” happens… to me, it just sounds like Gaim chokes up with a lot of smilies in one message. Very definitely *not* a DoS attack.

  7. Sude says:

    it will help it to “do well on digg”. It doesn’t matter who wrote the crap. The crap is crap and *you* are responsible as its publisher. If your girlfriend wrote the crap, tell her to take a few women’s studies classes (to learn about internalized oppression), dump you (bc you agreed to publish crap about her), and get her own blog (to get a voice of her own). What’s done is done. Hopefully, next time you’ll be careful about what your fingers tell you to write. > also, as reply to when did he say he was going to report the bug? It is kind to report vulnerabilities to devels before making them public. The blog owner apparently knows this and says This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this. But he still needs to give us a *source*, which, in this case, should be a link to the bug report, so we can *follow up* on what’s going on.

  8. Acep says:

    omg omg omg i have a really awesome idea right you play guitar guessing from the name you could play her a song or you could have massive white cards with your feelings on erm i cant explain look on youtube on the film love actually and you can see how lovely this idea is and she will love it just look at the clip on you tube type love actually in it and it will be there
