IM account hijacking

| | Comments (2)

sigh I think somebody just hijacked by ICQ account :( That or there is something very rotten in the icq servers.

But then again, any service that does not send auth. information over SSL or equiv…. not good.

I would still like to get my account back though. Any suggestions?

Update: Aparently it was just the icq servers having serious problems. But I should still get away from non-SSL though. Google Talk and Jabber in general seems to be the solutions there.


Dan Veditz said:

If you get a cert (Thawte offers free e-mail web-of-trust certs) AIM will encrypt traffic. I thought the login sequence was already encrypted though — AOL is extremely paranoid about account stealing. ICQ is also run by AOL, are you sure the auth info, as opposed to chat traffic, isn’t encrypted?

beaufour Author Profile Page said:

That certainly depend on the client. Some clients still use the good old “roasted password”, which is just an XOR or the password with a static array. Hurray!

Leave a comment

About this Entry

This page contains a single entry by beaufour published on March 16, 2006 10:44 AM.

XForms 1.0 Second Edition is Rec. was the previous entry in this blog.

XForms Propaganda :) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.1