lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.63.0604052009520.6721@elise.vidarlo.net>
Date: Wed Apr  5 19:11:51 2006
From: vidarlo at vestdata.no (Vidar Løkken)
Subject: obtai an IP of an MSN Messenger contact

On Wed, 5 Apr 2006, n3td3v wrote:

> If you want the IP of a user on Yahoo Messenger, all you do is add a user to
> your list with social engineering techniques, then you listen on port 5101
> and send the victim a normal instant message. Yahoo compromises security in
> that way by attempting to establish a peer to peer connection between
> consumer clients, to save on server useage. Yahoo don't care how easy it is
> to obtain a users IP by simply sending someone an instant message. Yahoo say
> the fact you need to add each other to a friends list first is good enough
> security to protect its users.

I don't see this as a problem really, since it is trivial to lure a user 
into a website one controles, by sending a unique url to someone. Besides, 
a IP is not a sensitive piece of information in any way, as you leave it 
at any website you surf by.
Could you care to explain why I should care if Joe R. Andom Cracker has my 
from yahoo IM?

-- 
Regards,
Vidar
Better dead than mellow.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ