We understand the need to support legacy clients, but Snapchat could easily limit the damage this exploit could do.
It wouldn't be that hard for them to make the best of what they have, by auditing all the code that typically has these exploits, and from that point onwards, also auditing riskier areas in the code base periodically.
But yeah, we have seen an improvement in some of the Snapchat client code, which indicates there are probably some bright new developers that have just joined the team. We just find it pretty bad that in this time, we haven't seen attempts (on our end, server side may be different) to secure the protocol.
Also regarding communication, we haven't heard a word from Snapchat in 4 months, neither has the reporter of this story, Violet Blue. If any of the guys from Snapchat are reading this (or you can pass on a message), tell them they're free to message us at firstname.lastname@example.org.
We're pretty easy to contact.
Just saw your edit, the purpose of this release wasn't to tell everyone we're the nth person to reverse engineer Snapchats protocol, but rather to bring attention to the particular vulnerabilities.
I can speak for the rest of our team, and we're pretty sick of Snapchats protocol, and this will most likely be our last release regarding it.
(Also I noticed newlines broke, kinda fixed that)
I'm just saying, 9 months down the road, if they had the optimal version of their security protocol, someone could still break in and write a post that "audits" it, just like we get every couple of months on the HN frontpage. Everyone would laugh, again. Some people would know that it's as good as it gets, but most people would just be in it for the circle jerk. There's no win for them here. That's all I'm saying.
Also, seeing your edit responding to my edit, sorry, I sometimes post before I work everything out perfectly. This isn't really an indictment of you guys specifically. I think your work is great.
(OT, but you have a really cool project list btw :P)
If Steve Gibson hears of this, or reads this, my apologies, this was not intended.
(also this was a reference to the movie Hackers, which in turn a reference to William Gibson)
Sorry that really is a mistake on my part. I thought I saw his name attached to it. I'm probably thinking of someone else, again I apologize to all parties involved.