IM account hijacking

By beaufour on March 16, 2006 10:44 AM | | Comments (2)

sigh I think somebody just hijacked by ICQ account :( That or there is something very rotten in the icq servers.

But then again, any service that does not send auth. information over SSL or equiv…. not good.

I would still like to get my account back though. Any suggestions?

Update: Aparently it was just the icq servers having serious problems. But I should still get away from non-SSL though. Google Talk and Jabber in general seems to be the solutions there.

Categories:

2 Comments

Dan Veditz said:

If you get a cert (Thawte offers free e-mail web-of-trust certs) AIM will encrypt traffic. I thought the login sequence was already encrypted though — AOL is extremely paranoid about account stealing. ICQ is also run by AOL, are you sure the auth info, as opposed to chat traffic, isn’t encrypted?

March 17, 2006 9:45 PM
beaufour Author Profile Page said:

That certainly depend on the client. Some clients still use the good old “roasted password”, which is just an XOR or the password with a static array. Hurray!

March 22, 2006 7:10 PM

Leave a comment

Main Site

About this Entry

This page contains a single entry by beaufour published on March 16, 2006 10:44 AM.

XForms 1.0 Second Edition is Rec. was the previous entry in this blog.

XForms Propaganda :) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.1