Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: ICQ - the worst thing that ever happened to privacy and anonymity

  1. #1

    Post ICQ - the worst thing that ever happened to privacy and anonymity

    ICQ is considered by most to be a security threat to its users. During the course of its evolution, it has suffered from many serious bugs and vulnerabilities, such as vulnerabilities that allowed malicious users to probe another user for a lot of information, or to launch attacks with serious effects, ranging from flooding the user's ICQ client with messages, causing it to crash, stealing passwords or even breaking into computers.

    Vulnerabilities have come and gone, but many have stayed. During this tutorial, we will focus on the simple vulnerability, which is caused by the way that ICQ works, and therefore hasn't been patched. It's the vulnerability that allows anyone to view your IP address, and it exists because ICQ is a client-to-client program.

    Even if you tell ICQ not to reveal your IP in the preferences dialog box, under privacy, there are other ways a malicious user might try to find it other than looking at your info and expecting to find it there. Since ICQ is a client-to-client program, messages and other ICQ events are transferred directly from one host to another, without the interference of a server, meaning that if you send someone a message or someone sends you a message, a socket is created between your computer and the other person's computer. What does this mean? This means that anyone who sends or receives an ICQ event from you can use programs such as netstat to view all existing connections, spot the one that belongs to you and get your IP address!

    Try it for your self. Press start, run, and then type command. A DOS window will appear. Type netstat -A and you will receive a list of existing connections, their status and other basic information about them, as well as the IP of the other host which is connected to you through that socket (unless this is a listening socket, which is waiting for a host to connect to it. A listening socket will not give you a "Foreign Address".

    So why doesn't Mirabilis (founder of ICQ) change that? Why doesn't it change ICQ so all events are transferred through the server, so attackers will send and receive events to and from the server and thus will be unable to find other people's IPs? Simple. Because what kind of a mad man would want all those millions of ICQ users moving their traffic through his server? And though AOL (the current owners of Mirabilis) has a lot of money and can probably pay for all this bandwidth, why would they do that? They don't care about your security, and they won't spend an extra cent to improve it. As a result to that, new versions of the ICQ client are released without being properly tested, and new holes are being frequently discovered.

    Of course, the fault is not Mirabilis's alonel. There are also several user-inherent problems, caused by users that reveal private information by writing it into their user account info. Everyone can view your info, so don't reveal anything that you wouldn't like to when you fill out the form in the ICQ account preferences dialog box.

    Remote_Access_

  2. #2
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: ICQ - the worst thing that ever happened to privacy and anonymity

    Originally posted by Remote_Access_
    Since ICQ is a client-to-client program, messages and other ICQ events are transferred directly from one host to another, without the interference of a server, meaning that if you send someone a message or someone sends you a message, a socket is created between your computer and the other person's computer.
    I THINK there is an option somewhere in there to always send stuff through the server. (So messages won't cause a connection in Netstat) They can still see your IP in netstat if you accept a file though. And there are third-party tools to let you see the IP address even if you haven't had any sort of communication before. (In other words, when even netstat won't show you what you want.)

    I would guess that AOL is the main cause. ICQ started out as a pretty efficient system, in the sense that it didn't require a ton of servers to run it. It was pretty cheap to use. Now that AOL bought them, and they have the money... I think they're more interested in getting all the money they can out of it (Banner ads), and watching it slowly die and hoping the users move to AIM.
    [HvC]Terr: L33T Technical Proficiency

  3. #3

    Question ICQ Vs AIM

    I would guess that AOL is the main cause. ICQ started out as a pretty efficient system, in the sense that it didn't require a ton of servers to run it. It was pretty cheap to use. Now that AOL bought them, and they have the money... I think they're more interested in getting all the money they can out of it (Banner ads), and watching it slowly die and hoping the users move to AIM.

    i agree with you. ICQ, to my recollection, is free... but none the less, aol has bought them out inorder for the for ICQ's clients to move to AIM. Thus, the increas in lack of security, banner ads, and various other thing and allowing ICQ to go to the pits.

    Remote_Access_

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    To be honest RA, I think it would be more interesting to read a tutorial regarding how the MSN Messenger 'magic link' worked.

    While ICQ has had it's share of vulnerabilities, you neglect to mention that most, if not all, the IMs have had vulnerabilities, a couple of them far more severe than anything ICQ has had.

    Also, the particular 'vulnerability' you discuss is not limited to ICQ, or even IMs in general, but to anything wherein there is peer-to-peer communication. Anytime someone establishes a connection to your computer, you can find out their IP -- that's how it's supposed to work.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Member
    Join Date
    Nov 2001
    Posts
    79
    Originally posted by chsh
    To be honest RA, I think it would be more interesting to read a tutorial regarding how the MSN Messenger 'magic link' worked.
    I must admit i'm curious about this 'magic link' as well! If anybody cares to elaborate on this, many thanks! Yahoo IM is also like this with netstat. How exactly does this socket work? why? Does anybody know more? (does a firewall prevent netstat from working????)

  6. #6

    Talking

    While ICQ has had it's share of vulnerabilities, you neglect to mention that most, if not all, the IMs have had vulnerabilities, a couple of them far more severe than anything ICQ has had.

    i am aware of this. Aol has had numerous vulnerabilities in their IM system. A user used to be able to "punt" or "kick" a user off line with a single message. The bug has been fixed. If i remember correctly, a program called "Blue Cross" contained several methods of doing so. As for yahoo and msn, i've yet to hear of any insidents like this.. And for the "magic link" i'm not exacally sure how it werks

    Remote_Access_

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Well, the 'Magic Link' IIRC basically let anyone view the contents of your drive....

    Oops, my bad.

    It was the MSN Communities website that had the 'magic link'....
    http://www.theregister.co.uk/content/4/20578.html

    At any rate, I hardly think that ICQ is "the worst thing that ever happened to privacy and anonymity" any more than any other IM. That's a pretty steep thing. Maybe you should replace ICQ with 'Internet' in that sentence, because it's a lot closer to the truth.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #8

    Exclamation **Note to readers**

    I didn't intend for the topic of my post to read:
    " ICQ- the worst thing that ever happened"

    It was supposed to read:
    " ICQ- the worst thing that ever happened to privacy and anonymity"

    I didnt realize that till i posted it.

    Remote_Access_

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    101

    Question

    Did you write this tutorial yourself Remote_Access_?
    - Stronzo

    \"Vini, Vici, Vidi\"
    I came, I saw, I conquered.
    - Julius Caesar

  10. #10

    Cool :D

    Why yes, yes i did...

    Remote_Access_

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •