trillian astra is nice. but does the alpha release intentionally have no security? alan investigates.

Trillian Astra

I’m confused. Very confused. Poking around the Trillian website, I found a little link in the directory:…

Clicking this, theoretically, would have caused direct download of the newest version of the closed Trillian Astra alpha release. Of course, I gave the downloading a try, only to be presented by a simple script based password prompt. I was too lazy, and not that interested in downloading Trillian in the first place, so I thought I would just let this little opportunity to explore go by. Little did I know, simply typing in “beta” and “beta” for both the username and the password would result in direct access to the download.

Is this intentionally easy? Maybe? Anyway, surprised at my success, I went ahead and downloaded the installer and booted up the new Trillian. I was greeted by an Alpha release login page.

“So it really isn’t that easy…” I thought. Well it was. Trying “beta” and “beta” again failed, but I got a port connection error. I changed my port, with a couple of guesses to 4444, and suddenly my password string was longer than “beta”. I thought this was just some sort of password protection, but I clicked login anyway.


Successful login. Honestly, I don’t believe Trillian intended to protect this alpha release, but just wanted to prevent overload of servers. If protection was intended though, I suggest Trillian get right on fixing it, or just release it to everyone. It’s pretty good, afterall.

Be Sociable, Share!

1 Comment

  1. jdandison

    October 14, 2008 @ 7|26 pm


    Now that’s freakin’ sweet! And still working, as of 730p EST, Oct 14.

Log in