Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Instant messenger's

from [Desai, Dipen] Network Security [Permanent Link]
Subject: RE: Instant messenger's
Date: Wed, 27 Jul 2005 18:44:33 -0700 
That's an interesting point. There has been a significant increase in
the number of malware using well-known IM clients like AIM and MSN
Instant messenger to spread across the internet. However, it really
depends on the individual malware program as to what kind of code it
carries with it, whether it looks to exploit the actual client
application or the inherent protocol being used by the messenger
service. For e.g. there have been some worms that spread by using MSN
Instant messenger's File transfer service, in which they send a copy of
itself to the online contacts found on the victim's MSN list. In the
older versions of MSN Messenger a simple MSN FTP protocol was being used
however now a more secured P2P protocol with Base64 encoding is being
used for File transfer. Still the worms are exploiting the File transfer
service to spread across the internet.

And yes as pointed out by many others that even GAIM will have flaws,
but I am sure number of malwares written to exploit the flaws of
well-known clients will be much higher.

Thanks,
Deepen Desai
www.ipolicynetworks.com

-----Original Message-----
From: Chris Griffin [mailto:cgriffin@dcmindiana.com] 
Sent: Wednesday, July 13, 2005 8:05 AM
To: pen-test@securityfocus.com
Subject: Instant messenger's

Hey List.

I figure this list could be best for this question, since I'd think the
pen testers
would be more up to date on spreading vulns.

With all the IM flaws out there, does it more than not, stem from the
protocol?
or the actual client?

My main point being, is using GAIM (or any other all in one for that
matter) for msn, yahoo, aim chats more secure than the "name brand"
clients?


Thanks!






------------------------------------------------------------------------
CONFIDENTIALITY NOTICE:

This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply and destroy all copies of the original message.
------------------------------------------------------------------------
---
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Is there any way to measure IT Security??, Craig Wright
Next by Date:  RE: Identification of non Cisco AP's, Jonathan Gauntt
Previous by Thread:  RE: Instant messenger's, Todd Towles
Next by Thread:  Professional use keylogger, securityfocus
Indexes:  [Date] [Thread] [Top] [All Lists]