"This exploit is straight outta James Bond scenarios and most devs thought there was no way to do something like this. Proof that we as developers don't always 'know-it-all'."
By now, we should all know that for every security measure that's implemented, there are 100s of hackers busy at work finding a way to break the protection.
There is no solid guarantee that today's most secure product will not turn into tomorrow's least secure application.
It's a fact of the times.
My main point with the statement goes along with what you've said; unfortunately, more developers are too hard-headed to hear anything other than what they believe. I'm more old school than that. If I have a script, or piece of code, I develop, I do my best to stay open to every possibility of its uses and/or misuses. Although there is a rule, more like guidelines (to steal a quote from a favorite Disney flick).
Kinda like how most devs will swear by *nux builds but last year there were more serious exploits of *nux-based systems (Sony, the US federal government minus the USMC - they use their own CLOSED/PRIVATE SOURCE code, etc.) than Windows servers. To that, we can attribute the fact that criminal organizations are NOT as stupid as we tend to believe and with how much of our lives exist in our machines, why wouldn't they be involved in all sorts of 'open-source' projects to ensure their own criminal survivability? We would be more stupid than we attribute them to be if we thought anything else. I used to be a dedicated open-source user. From FF to Filezilla to Linux itself. The past year, I've had my *nux builds crash more than my Windows, or show stray transmission(s).
Either way, this went a bit off topic and for that I apologize, but at the same time remains on topic to suggest when users like InDoctor bring things like this to attention, we should explore EVERY possibility of it being true instead of the only possibilities of it not being true. And if it does run on a P2P basis, this is a mistake. P2P is very easily interceptable (even with SSL; as reason described above) for MiM attacks. We must believe that illicit users are already reverse engineering Avast, as it's one of the best...
if not the best. End of story.