Bryce Walter wrote: > Yes, but how tough would it be to write your own client to send msgs on the > icq network. MS did it w/ AOL's instant messenger. :) If you head over to freshmeat.net, you can find a variety of ICQ protocol clients covered under various open source licences. Most of these programs ignore most of the restrictions of the closed source "Official" Windows ICQ client. Any exploits will likely use a modified client, or ICQlib. An interesting problem arose in the past was when one of the developers of these found you could just send a password of 9+ characters to the login servers, and be authenticated as anyone. This buffer overflow solved the problem of assuming the guise of a trusted individual. I think that AOL has fixed the problem since then, but if you can masquerade as a legitimate person (enough to get past any security settings on the target's machine), it would be trivial to then cause problems, given that they are running ICQ 99. A lot of people will let you onto their lists just "for chat," too, so becoming a trusted user may be trivial, regardless of ICQ login servers. Another reason to keep the version you like of closed source apps around. ICQ 98 exhibits none of the security holes that ICQ 99 does, AFAIK. -- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:22 PDT