Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Knud Erik Højgaard - CyberCity Support (kainPERKER.DK)
Date: Wed Mar 28 2001 - 04:17:43 CST
to me it seems like you would need the users password to authenticate on the
icq server.. if you didn't, i could imagine a lot worse scenarios that
knocking people off.. like hijacking all accounts and changing their
password, since icq doesn't ask for your old password when you want to
change it.. byebye icq .. :)
Med venlig hilsen
Knud Erik Højgaard <knudcybercity.dk>
Cybercity Erhvervssupport <supporterhverv.cybercity.dk>
Tlf 33 98 30 60
|-- Jesus saves, but only Buddha makes incremental backups --|
From: VULN-DEV List [mailto:VULN-DEVSECURITYFOCUS.COM]On Behalf Of Geo.
Sent: 26. marts 2001 21:22
Subject: ICQ exploit
While playing around with my laptop and desktop today I noticed something
If you have ICQ setup on 2 machines using the same ICQ number, as soon as
the second machine starts ICQ up the first machine gets an error about your
ICQ number being used on another machine and immediately takes ICQ off line.
I don't know the mechanism that allows this but has anyone considered an
exploit based upon this mechanism? Seems to me a sequential run could knock
a whole bunch of people off ICQ..