Presentation is loading. Please wait.

Presentation is loading. Please wait.

Instant Messaging Security Flaws By: Shadow404 Southern Poly University.

Published byCameron Ray Modified over 8 years ago

Similar presentations

Presentation on theme: "Instant Messaging Security Flaws By: Shadow404 Southern Poly University."— Presentation transcript:

1 Instant Messaging Security Flaws By: Shadow404 Southern Poly University

2 Major Problems With IM Messaging Software 1. Messages are sent in clear text. 2. File Transfers 3. Conversation Logs 4. Sender Credentials 5. Profile Listings and User Privacy 6. Passwords

3 Messages In Clear Text 1. Allows the inexperienced hacker to use a packet sniffer to read conversations. 2. All buddy list updates are sent in clear text. 3. Confidential information could be discussed in clear text.

4 File Transfers 1. They allow a medium which by is easier to fake a reputable file than over e-mail. 2. Most instant messaging software does not warn the user of the danger of accepting file transfers. 3. Most users will accept and open these files without second thought.

5 Conversation Logs 1. If a computer is compromised, logs can be obtained which could hold incriminating, sensitive, or harmful information. 2. With some clients, by default, logs are kept without asking if its ok. 3. Logs can be altered and then used as incorrect evidence, convicting someone of something that was not really discussed.

6 Sender Credentials 1. How do you know for sure that the person sending the message is really the person you think it is? 2. Man in Middle Attacks. 3. PGP key. 4. Unique User Identification.

7 Profile Listings and User Privacy 1. Many users list everything you’ve ever wanted to know about a person. 2. For example, on AIM, the profile asks for your whole name, address, zip, state and country. 3. So how easy is it to then reverse this information and find out all you wanted to know about someone online?

8 Passwords 1. Stored passwords pose a huge security risks, because the passwords have to be stored somewhere on the machine. 2. Like the clear text example, passwords are sometimes sent in clear text. 3. There is always going to be an inherent risk when passwords are used to gain access to restricted zones.

9 5 Major Instant Messaging Clients and Some Flaws of Each. Clients that will be discussed: 1. AIM (AOL Instant Messenger) 2. Yahoo Messenger 3. Skype 4. MSN Messenger (Microsoft Network) 5. IRC (Internet Relay Chat)

10 AIM 1. Messages are sent in clear text. 2. Buddy list updates are received in clear text. 3. By default, anyone can see you logon as well as pull up buddy info on you. 4. All conversations have to go through an AIM central server, which makes the clear text conversations even more vulnerable if

11 AIM (cont.) AIM (cont.) 4.(cont.) a hackers were able to pull off a successful server side hack, which could leave any user of AIM open to eavesdropping. 5. Buffer overflow issues, redirect to URL to where more malicious code can be downloaded. (http://www.aim.com/help_faq/security/faq.adp?a olp= )http://www.aim.com/help_faq/security/faq.adp?a olp= 6. Man in the Middle password hack vulnerability.

12 Yahoo Messenger 1. Messages are sent in clear text. 2. Buddy list updates are also sent in clear text. 3. In some versions of the client software, a buffer overrun vulnerability has been reported using an active-x control to download malicious code from a web-site. (http://www.pcworld.com/news/article/0,aid,113723, 00.asp)http://www.pcworld.com/news/article/0,aid,113723, 00.asp

13 Skype 1. Messages are sent directly to the other party rather than through a server. 2. This is a problem because you IP# number is not hidden from the receiving party. 3. Certain versions of Skype are also vulnerable to buffer overflow problems. (http://www.skype.com/security/ssa-2004- 02.htm )http://www.skype.com/security/ssa-2004- 02.htm 4. Logs are kept by default without asking.

14 MSN Messenger 1. Messages sent in clear text. 2. Remote Code Exploitation: http://www.microsoft.com/technet/securit y/bulletin/MS05-009.mspx http://www.microsoft.com/technet/securit y/bulletin/MS05-009.mspx

15 IRC 1. Messages are sent in clear text. 2. Many vulnerabilities have been identified. 3. Third-party scripts and bots sometimes have malicious code that runs on a users machine. http://www.irchelp.org/irchelp/security/ http://www.irchelp.org/irchelp/security/ 4. DCC file transfer security flaws. 5. IP address publicly displayed.

16 What can you do to secure your system? 1. Keep your software up-to-date. 2. Do not talk about anything sensitive (I.e. Credit card #’s, telephone #’s, financial information, etc) using instant messaging software. 3. Institute a security lockdown or filtering of instant messaging conversations in a business environment.

17 What can you do to secure your system? (cont) 4. Change your passwords regularly. 5. Ensure the person you are talking to is really the person you think it is. (Ask personal questions that only they would know if you suspect an imposter, or call the person in question to verify.) 6. Use a proxy/bnc to mask your IP. 7. Ensure the firewall is up-to-date and working properly.

18 Credits and Shoutouts Credits: DAD (Joe Klein) Shout Outs: Hacksonville Crew Yak Crew 404-2600 Copy of speech can be found at: www.shadow404.com/111

Download ppt "Instant Messaging Security Flaws By: Shadow404 Southern Poly University."

Similar presentations

Unit 1: Module 1 Objective 10 identify tools used in the entry, retrieval, processing, storage, presentation, transmission and dissemination of information;

Unit 1: Module 1 Objective 10 identify tools used in the entry, retrieval, processing, storage, presentation, transmission and dissemination of information;
Breaking Trust On The Internet

Breaking Trust On The Internet
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Prepared by: Nahed Al-Salah

Prepared by: Nahed Al-Salah
Computer Viruses.

Computer Viruses.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Threats To A Computer Network

Threats To A Computer Network
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Protecting Yourself Online. VIRUSES, TROJANS, & WORMS Computer viruses are the common cold of modern technology. One e-mail in every 200 containing.

Protecting Yourself Online. VIRUSES, TROJANS, & WORMS Computer viruses are the "common cold" of modern technology. One in every 200 containing.
Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.

Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Teach a man (person) to Phish Recognizing email scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.

Teach a man (person) to Phish Recognizing scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,

Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,
1 Computer Security: Protect your PC and Protect Yourself.

1 Computer Security: Protect your PC and Protect Yourself.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.

Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

Similar presentations

Ads by Google