Re: [IWAR] EXPLOIT ICQ, AOL

From: Mark Hedges (hedgesat_private)
Date: Fri Jun 05 1998 - 11:23:02 PDT

  • Next message: 7Pillars Partners: "[IWAR] HACK Stanford SLAC"

    *puts on suit and tie*
    
    Here in about a month we'll have a product called Anonymizer Pipeline which
    can be used to tunnel all data services. It could provide secure (and
    optionally authenticated) access to a MUSH (multi-user shell) or some kind
    of chat system. We could also set up local unix shells for using the SSH
    encrypted telnet software from DataFellows. Also, we can provide access to
    a web-based chat system using the standard SSL/SSLeay browser encryption if
    someone wants to rent a little space (cheap) and set up and administrate
    the chat program (easy). You could write a line in the script to require a
    password, which you could change for the individual session and distribute
    to the forum members. We keep a reasonably close eye on the latest security
    patches from Sun, although, of course, possibilities abound. Anyone
    interested should let us know their budget and we'll see about setting
    things up.
    
    *removes suit and tie*
    
    -hedges-
    
    >I know a lot of people in the business community are using ICQ or the AOL
    >Instant Messenger systems for realtime commo.  We rejected them for use based
    >on security concerns, and it looks like some of the details are coming out.
    >There are posted exploits on rootshell.com, look them over, and if you are
    >using any of the instant chat tools and perform mission critical work, dump
    >them.  -MW
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:26 PDT