silly question, but has anyone written a bot using gaim or jaim? --- Nick Lange <nicklangeat_private> wrote: > Trillian allows SSL over AIM protocol [or did allow > in .72, haven't checked > the RC1 release yet]. > lICQ allowed SSL over ICQ as well... > so it's there if you're willing to use alternative > clients, but most people > don't. > nick > ----- Original Message ----- > From: "Alex Lambert" <alambertat_private> > To: "Adam Carr" <itsacarrat_private>; > <vuln-devat_private> > Sent: Tuesday, August 06, 2002 11:15 AM > Subject: Re: In regards to the insecurity of AOL > Instant Messenger > > > > > Now my question, is how secure are normal "ims" > on AIM. How difficult = > > > would it be to listen to anothers msgs and if at > all possible, how could > = > > > this be fixed.=20 > > > > "msgsnarf records selected messages from > AOL Instant Mes- > > senger, ICQ 2000, IRC, MSN Messenger, or > Yahoo Messenger > > chat sessions." (msgsnarf(8) manpage) > > > > AFAIK, none of the above protocols are usually > encrypted. dsniff > > > (http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz) > can pick them > up. > > > > > > > > apl > > ----- Original Message ----- > > From: "Adam Carr" <itsacarrat_private> > > To: <vuln-devat_private> > > Sent: Monday, August 05, 2002 5:58 PM > > Subject: In regards to the insecurity of AOL > Instant Messenger > > > > > > > After seeing the recent emails about the hide > windows while away = > > > function while I don't quite understand that as > a security threat this = > > > does remind me of other insecurities of AIM and > some questions I had as > = > > > well. > > > > > > The first threat to AIM users that I am aware of > and have tested myself > = > > > is under Direct Connects with another user. With > a targets ip, it is not > = > > > difficult at all to intercept the dcc's messages > and to input your own. > = > > > Quite frightening. A simple fix is to change the > port which AIM direct = > > > connects on. Seeing as how my explanations are > not that great I invite = > > > anyone else who is aware of this to explain that > flaw in AIM. > > > > > > Now my question, is how secure are normal "ims" > on AIM. How difficult = > > > would it be to listen to anothers msgs and if at > all possible, how could > = > > > this be fixed.=20 > > > > > > I know AIM has\had it's share of other > vulnerabilities so please speak = > > > up if you know of any. Thanks ... > > > > > > Cheers ... > > > Adam > > > > > > > > > > > > > > > > > >
This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 11:20:22 PDT