instant messaging insecurity
Results 1 to 7 of 7

Thread: instant messaging insecurity

  1. #1
    Banned
    Join Date
    Dec 2002
    Posts
    394

    instant messaging insecurity

    More worms and malware software exploiting this insecurity. Just thought I share this with everyone that uses instant messaging but this attacks mostly M$, here is the link to read more info
    but instant messaging is becoming less secure. http://www.online.securityfocus.com/infocus/1657

    :-P

    M$ maybe Bill will day get smart and become open source :evilgrin:hehe!!

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if we had access to the windows code that word be the end of microsoft. id like to comment on the article but the link dosn't work for me,
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    If I remember correctly, MSN Messenger sends all its info (passwords included) as plain text. If thats so, then wouldnt it be amazingly easy to sniff out people's passwords, and basically capture whole conversations? I know this was true of MSNP7, because I have a hard copy of a doc explaing how to make a msn clone in VB. Does anyone know if they have since changed it to somehow protect transmissions?
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Well, they claim that the transfers and passwords can be contained, but simple line errors in the header of a message can retrieve a user's password. Sad, but true. I've found multiple s'kiddie programs online that allow user's to retrieve other user's password simply by offering a file transfer and screwing something in the header up. Something as simple as that, can retrieve passwords to MSN account's. Sick? Damn right...
    Space For Rent.. =]

  5. #5
    Purveyor of Lather Syini666's Avatar
    Join Date
    Aug 2001
    Posts
    553
    Its stuff like this that makes me glad I only BS over MSN, instead of doing anything sensitive. I wonder how other IM services compare against MSN as far as security goes. I remember seeing all the programs for hijacking and torturing ICQ users, and I havent toucht that program since then.
    You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    From what I heard, yahoo was the safest. I'm not sure, I've only used ICQ once but heard of loads of bugs and vulnerabilities in it and risks while using it. MSN is MSN ('nuff said) and AIM has had quite a few problems with file transfer's as well. I never heard much about yahoo's instant messanger program however, but that's JMHO.
    Space For Rent.. =]

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Originally posted here by Syini666
    If I remember correctly, MSN Messenger sends all its info (passwords included) as plain text.
    Nope.. the passwords are encrypted.
    the MSN server first sends a key.
    the client (your client) adds your password to the key and does an MD5 of that.
    that gets send back.

    not easy to crack (only brute force works)..

    If thats so, then wouldnt it be amazingly easy to sniff out people's passwords, and basically capture whole conversations? I know this was true of MSNP7, because I have a hard copy of a doc explaing how to make a msn clone in VB. Does anyone know if they have since changed it to somehow protect transmissions?
    The chat messages can be sniffed (with ettercap or alike) and you can even inject on the stream. and send messages to someone pretending to be someone else..

    There are a lot of weaknesses in the MSn system..

    you can see that they build on a weak system and expanded it without ever doing a major 'rewrite'...

    source: Venkydude and some rfc's and memo's collected by me
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •