A Little Note on ICQ Security.

Printable View

June 19th, 2002, 01:44 AM
xmaddness

A Little Note on ICQ Security.

I figured I would let this out to help prevent people from falling into this trap.

In ICQ some people for security reasons put fake e-mail addresses in there user info. This is a major security hole. Say I use the e-mail user contact as [email protected]. A hacker could see your info, and try opening an account in hotmail under [email protected]. If this e-mail address doesn't exsist you could open it, then send a request to ICQ that you lost your password and the password is sent to [email protected] thus giving the hacker your password. I saw this in a neworder.box.sk newsletter and figured I would let you all know. The original was in a newsletter and was written by [email protected] and I don't think he posted it to any site. For more info contact him.
June 21st, 2002, 10:03 PM
Prankster

that's very interesting, thanks. Just like the thing on hotmail, all you have to do is guess thier country and then get their secret question right. If it is a stupid question like "what is my dog's name?" then anyone that knows your dog's name can change your password. Secret questions are a very good idea, just make sure the question is something that only you know, and no-one else can find out.

p
June 21st, 2002, 10:24 PM
nebulus200

Good point to consider, thanks for the info.

Neb
June 21st, 2002, 10:27 PM
Unleashed

And just like the thing in almost all online accounts.
June 21st, 2002, 10:31 PM
Leviatan

This is very clever, thanks for pointing this out.
June 21st, 2002, 10:37 PM
Unleashed

BTW, I think it would be more nice if you hide the e-mail address in ICQ. cause many spammers may steal it and you will ged headache when you open your mailbox.
June 21st, 2002, 10:50 PM
DÆmon~X

Not to mention all the *other*[[http://insecure.org/sploits.html] exploits, hacks and holes in it.

-DÆmon
July 1st, 2002, 08:24 AM
Syini666

Also, dont just abandon email accounts. Just because you remove the account as your primary account, or even delete it completely from your profile, dosent mean its a dead account. ICQ has a little known (or at least it seems like it) feature, allowing a sort of backwards-compatible password retrieval system. You can send your password to any account that has ever been listed as your primay account, so if for some reason you switch primary emails, make sure to close down that accout, lest some annoying lamer come alone and hijack your icq.