Hi. I'm a newbie and a little bit overwhelmed about all I thought I knew - but now realise that I have absolutely no idea about!!

Even at my low point of the learning curve, I know that instant messaging is vulnerable to exploits and has major security issues. The thing is, how do I go about highlighting these problems - that is, providing 'working examples' - without compromising my own (Windows) system?

So far I've just been experimenting with user stupidity and common sense (yes, that's a viable problem); finding the IP address; port scanning; packet sniffing; password cracking, and virus protection.

Currently the programmes I am testing are :

* ICQ
* Trillian (with ICQ, Yahoo!, AIM and MSN accounts)
* Jabber / Business IM
* ePOP
* SCIM
* CryptTalk

Any help, advice or direction would be very much appreciated.