MSN Messenger Compromised

by 2SYN 9 Replies

  • 2SYN

    Just forwarding an email I received to everyone on the board. Figured a lot of people here might find it interesting.

    So many security specialists warned against IM (Instant Messenger) security before.

    This is one of the proof-of-concept codes against sensitive IM security, a project named "MSN666".

    As you see, the name 'msn666' tells you it's about Microsoft MSN Messenger.

    Yah, it was the interesting stuff of our project as a common IM.

    msn666 is a simple sniffer for intercepting MSN MESSAGES on your network.

    In fact, msn666 analyzes the MSN message protocol for every packet and prints MSN message sessions to your monitor; it's due to Microsoft MSN Messenger using plain text to communicate.

    Therefore, as a result, you could know "who is on the net", "who talks to whom" and "what they say".

    You could get msn666 from xxxxxxxxxxxxxxxxxxxxxx (URL omitted for security reasons)

    ++

    xxxxxxxx, xxxxxxxxx Group of Research for Unix Security

    [e-mail] xxxxxxxxxxxxxx

  • Cassiline
  • Grout

    SYN, that report smells a bit like an urban legend in a chain letter. I don't see any references to the original person or agency who found the problem and reported it. Let's not assume this is true without some confirmation.

  • 2SYN

    Grout, go read Bugtraq and find the original email, then download the sample exploit, then have fun with your company network! It was mailed to me about an hour ago, so it should be close to the top.

    Well, to be honest, I didn't try out the exploit myself for 2 reasons:

    1. I don't have the necessary administrator rights, and obviously I'm not allowed to run my NIC in "promiscuous" mode at work.
    2. Although I haven't checked, there's an excellent chance that the tarball only contains source that'll build and run on a *NIX flavour, and I haven't currently got access to any form of *NIX at work, and the sheer grunt work of converting a big pile of networking code to work under NT would just break me.

    You may be right, but, more likely, this is a real exploit. I don't take stuff like this lightly!

  • Xander

    LOL! SYN, if you are on a network that you can run your NIC in 'promiscuous mode' and have enough disk space to store it all, you can read ANY IP based communication.

    How do you think carnivore works?

  • 2SYN

    Hehe, yeah Xander. It really sucks that the MS engineers didn't run at least some sort of lame encryption on the stuff that Messenger transmits - I mean, come on! The tool presented above is just a more refined way of intercepting ONLY MSN Messenger-based traffic, not the whole SPEW! Apparently Carnivore searches for keywords too, like "bomb" "plane" and "Bush"!

  • Grout

    I fail to find network sniffing a new or interesting attack. I use ssh for everything that needs to be private. You could sniff that all day and not learn a darn thing.

    PS: I don't subscribe to bugtraq any more. Maybe I should.

    Edited by - grout on 13 June 2002 18:55:43

  • Xander

    "It really sucks that the MS engineers didn't run at least some sort of lame encryption on the stuff that Messenger transmits"

    Why would they? If you're running IE, look at the bottom of your browser. You see a padlock icon? No? That means all the data being sent back and forth is in plain, unencrypted text. (Well, that's obviously not COMPLETELY true, but it's unencrypted nonetheless). Email is unencrypted, HTML is (usually) unencrypted, etc. Why would they encrypt messenger?

  • 2SYN

    Well, their target market is huge. Surely with that many people involved they'd want to ensure some degree of anonymity?

    Grout: Yeah, I get maybe one interesting message per month from BT... it's frightfully boring, but I stay subscribed. You never know what'll happen. I, too, use SSH for all critical communications, but sadly not many people know how to do that. Raw IP hacks are boring, I agree, but this one affects a BOATLOAD of people!

  • Grout

    syn: Well, it'll certainly get the attention of a boatload of people; if they learn something from the scare, that will have been worth it. It seems like that was the original author's intention, so maybe this'll be the black hat who saves the town.
