Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: IM security holes?

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    132

    Post IM security holes?

    Does anyone know of any IM security holes that could potentially be a thread to a network?

    I don't need any flames, yes I have checked google, and I am searching everywhere......I'm just wondering if anyone here remembers any off the top of their head.
    Any help would be appreciated
    thanks
    SlackWare my first, Debian my second....building my box into the ultimate weapon

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Maybe it's just me, but what kind of 'network' are we talking about? (LAN, WAN, NT, Novell)


  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    132
    WAN,

    I am convinced that they are a security issue waiting to happen...I just need something concrete to show my manager before disabling the ports
    SlackWare my first, Debian my second....building my box into the ultimate weapon

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    Are you talking about a WAN going into a LAN? Like blocking ports of your LAN from being accessed by the WAN?
    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    Need more input

    You might want to give a little more info about your setup. Telling us that you have a WAN full of hole is nice, but without specifics you aren't going to get very far.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Get your hands on something like NMAP. Scan your entry point (hopefully a firewall) for the open ports. Armed with that knowledge, go to Mr Google and do a search for exploits related to those ports. Print that Info. and give it to your manager suggesting, if the open ports are not required to do business, then they should be shutdown because of the risks.


    DjM

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    k41d3r07h> Make sure you specify IM security holes in your message also. I normally don't look back at the subject to remember what I am reading about. Looking at your message made it look like you were just asking for any security holes, not IM related holes.

    What IM are you using. There are holes in just about all of them, but they do get patched quite often. Also, an improperly configured client, or a user that is easy to social engineer, can cause even bigger holes within your network.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    132
    I see your point souleman...I just noticed my first message and didn't mention security holes in IMs specifically...........I will edit that

    I'm actually looking at all of them.
    I know people are using ICQ, AIM and M$Messenger.

    I know of many holes that come out....but I need good REASON to disallow their use.

    As in, "Hello Manager, These programs are a threat to xxxxx corp. because of yyyyy. Hence I think we should discontinue the staff's ability to use such programs"
    SlackWare my first, Debian my second....building my box into the ultimate weapon

  9. #9
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Find out if your HR department gets "Best Practices in HR" Issue 705 (Jan. 3,2001) issue has am article about why you shouldn't use IM in a business. IT doesn't go into a lot of details, but it does talk about Privacy risks, Information risks, and Virus risks. It includes things like the fact that getting a file via IM doesn't go through a virus checker, so unless it is exlicitly checked, the user may install a virus before (s)he knows what hit them.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  10. #10
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Sorry man, I too didn't know you were talking about Instant Messaging systems. These days, these systems are very popular for spreading a bunch of nasty Viruses and Trojan's. If your Manager/Company is not concerned about these risks, they should be.

    DjM

    In addition, here are a couple of links you may want your manager to checkout:

    Number 1

    Number 2


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •