ICQ security

Subject: ICQ security
From: bram (bramgawth.com)
Date: Mon Dec 06 1999 - 01:28:55 CST

• Next message: lcs Mixmaster Remailer: "Re: Lucre fixed?"
• Previous message: lcs Mixmaster Remailer: "Re: Secure generation of primes"
• Reply: Jeremey Barrett: "Re: ICQ security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was just poking around ICQ and noticed the options for 'Security Level'

Low Password will automatically be saved and used

Medium Password must be entered to change user information only

High Password must be entered to load ICQ

Immediately upon reading that, a little mouse in the back of my brain
started saying 'but ... but ... doesn't that mean that in medium security
YOU'RE LOGGING IN WITHOUT EVER SENDING A PASSWORD?'

Then I remembered - that was figured out when the protocol was
reverse-engineered.

My point is, it was completely unnecessary to hack the protocol to find
out ICQ is insecure - all you had to do was read the documentation.

-Bram

• Next message: lcs Mixmaster Remailer: "Re: Lucre fixed?"
• Previous message: lcs Mixmaster Remailer: "Re: Secure generation of primes"
• Reply: Jeremey Barrett: "Re: ICQ security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Dec 06 1999 - 03:43:25 CST