ludde was one of the authors of the extension header, and it made its way in around 1.4 I think. However, even uTorrent itself has to hack around previous versions because they never consistently updated the extended client version string. All ancient history of course. This squabbling is all kind of silly, since none of the Bittorrent Inc. developers ever claimed (publicly, there was of course some mention on private IRC when we were testing versions) that 1.6 was vulnerable from this particular exploit. There is a moral to this story of course - never use strcpy on a buffer with a fixed length from a string with a non-fixed length. In fact, probably never using strcpy is a good idea as well.