Instant Messaging Security Flaws By: Shadow404 Southern Poly University.


Major Problems With IM Messaging Software
1. Messages are sent in clear text.
2. File Transfers
3. Conversation Logs
4. Sender Credentials
5. Profile Listings and User Privacy
6. Passwords

Messages In Clear Text
1. Allows the inexperienced hacker to use a packet sniffer to read conversations.
2. All buddy list updates are sent in clear text.
3. Confidential information could be discussed in clear text.

File Transfers
1. They provide a medium by which it is easier to fake a reputable file than over
2. Most instant messaging software does not warn the user of the danger of accepting file transfers.
3. Most users will accept and open these files without a second thought.

Conversation Logs
1. If a computer is compromised, logs can be obtained which could hold incriminating, sensitive, or harmful information.
2. With some clients, by default, logs are kept without asking if it's OK.
3. Logs can be altered and then used as incorrect evidence, convicting someone of something that was not really discussed.
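One way to make the log alteration in item 3 detectable, as an added example that is not part of the original slides: each log line gets an HMAC tag chained to the previous one. The function names, the key and the sample log are constructed for illustration, and the sketch assumes the key and the final "head" tag are stored somewhere other than the machine holding the log.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

GENESIS = b"\x00" * 32  # fixed start value for the chain (assumption of this sketch)

def _tag(key: bytes, prev: bytes, line: str) -> bytes:
    # Each tag covers the previous tag, so entries cannot be reordered or dropped.
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()

def seal(key: bytes, lines: List[str]) -> Tuple[List[Tuple[str, str]], str]:
    """Return ([(line, tag_hex), ...], head_hex). Store head_hex away from the log."""
    prev, sealed = GENESIS, []
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev.hex()))
    return sealed, prev.hex()

def verify(key, sealed, head_hex) -> Optional[int]:
    """Return None if intact, else the index of the first bad or missing entry."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(sealed):
        expected = _tag(key, prev, line)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    # Chain is consistent; a head mismatch means entries were cut from the end.
    if not hmac.compare_digest(prev.hex(), head_hex):
        return len(sealed)
    return None

# Constructed sample data, not taken from any real client.
KEY = b"constructed-demo-key-kept-off-the-logged-host"
LOG = ["[10:01] alice: lunch at noon?", "[10:02] bob: sure", "[10:03] alice: see you there"]
```

An edited line, a deleted line and a truncated log each fail verification at the first affected index; the scheme gives no protection if the key is stored next to the log.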

Sender Credentials
1. How do you know for sure that the person sending the message is really the person you think it is?
2. Man-in-the-middle attacks.
3. PGP key.
4. Unique user identification.

Profile Listings and User Privacy
1. Many users list everything you’ve ever wanted to know about a person.
2. For example, on AIM, the profile asks for your whole name, address, zip, state and country.
3. So how easy is it to then reverse this information and find out all you wanted to know about someone online?

Passwords
1. Stored passwords pose a huge security risk, because the passwords have to be stored somewhere on the machine.
2. Like the clear text example, passwords are sometimes sent in clear text.
3. There is always going to be an inherent risk when passwords are used to gain access to restricted zones.

5 Major Instant Messaging Clients and Some Flaws of Each
Clients that will be discussed:
1. AIM (AOL Instant Messenger)
2. Yahoo Messenger
3. Skype
4. MSN Messenger (Microsoft Network)
5. IRC (Internet Relay Chat)

AIM
1. Messages are sent in clear text.
2. Buddy list updates are received in clear text.
3. By default, anyone can see you log on as well as pull up buddy info on you.
4. All conversations have to go through an AIM central server, which makes the clear text conversations even more vulnerable if

AIM (cont.)
4. (cont.) hackers were able to pull off a successful server-side hack, which could leave any user of AIM open to eavesdropping.
5. Buffer overflow issues, redirect to a URL from which more malicious code can be downloaded. ( olp= )
6. Man-in-the-middle password hack vulnerability.

Yahoo Messenger
1. Messages are sent in clear text.
2. Buddy list updates are also sent in clear text.
3. In some versions of the client software, a buffer overrun vulnerability has been reported using an ActiveX control to download malicious code from a web site. ( 00.asp)

Skype
1. Messages are sent directly to the other party rather than through a server.
2. This is a problem because your IP number is not hidden from the receiving party.
3. Certain versions of Skype are also vulnerable to buffer overflow problems. ( 02.htm )
4. Logs are kept by default without asking.

MSN Messenger
1. Messages sent in clear text.
2. Remote Code Exploitation: y/bulletin/MS mspx

IRC
1. Messages are sent in clear text.
2. Many vulnerabilities have been identified.
3. Third-party scripts and bots sometimes have malicious code that runs on a user's machine.
4. DCC file transfer security flaws.
5. IP address publicly displayed.

What can you do to secure your system?
1. Keep your software up-to-date.
2. Do not talk about anything sensitive (e.g., credit card numbers, telephone numbers, financial information, etc.) using instant messaging software.
3. Institute a security lockdown or filtering of instant messaging conversations in a business environment.

What can you do to secure your system? (cont.)
4. Change your passwords regularly.
5. Ensure the person you are talking to is really the person you think it is. (Ask personal questions that only they would know if you suspect an imposter, or call the person in question to verify.)
6. Use a proxy/bnc to mask your IP.
7. Ensure the firewall is up-to-date and working properly.
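A sketch of the conversation filtering from item 3, applied to the credit card numbers named in item 2; this is an added example, not part of the original slides. It covers card numbers only (13 to 19 digits that pass the Luhn checksum), and the function names, the redaction marker and the sample messages are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_cards(message: str):
    """Return (filtered message, number of card numbers redacted)."""
    hits = 0

    def repl(match):
        nonlocal hits
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits += 1
            return "[REDACTED CARD]"
        # Long digit runs that fail the checksum (order ids etc.) pass through.
        return match.group()

    return CANDIDATE.sub(repl, message), hits

# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = [
    "my card is 4111 1111 1111 1111 exp 12/26",
    "order 1234567890123456 shipped, call 555-0100",
]
```

A gateway or client plug-in could run `redact_cards` on outbound messages and log the hit count for review; the Luhn test keeps ordinary long numbers from being flagged.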

Credits and Shoutouts
Credits: DAD (Joe Klein)
Shout Outs: Hacksonville Crew, Yak Crew
Copy of speech can be found at: