Monday, March 27, 2006

The instant messengers aren't safe enough..

You really don't know things till you go into the depth.. well, studying closely the architecture of a web messenger I see ... that a person with something bad cooking in his mind can easily design a system to get the passwords without the users even knowing it.. they won't have the slightest clue about the entire program.

While going through a security site I found this article interesting, so I decided to mention it here..

"Now that companies are getting better at stopping e-mail viruses, says Dan Ingevaldson, director of R&D at ISS, instant messengers are the next obvious target for malicious code and viruses in the future. Also, most popular chat apps do not use a secure layer for text messages, meaning that anyone could intercept and read IM chats outside your corporate firewall.
A HANDFUL OF successful worms have already infected instant-messaging clients, including Aplore, which spreads via AOL Instant Messenger (AIM); Goner, which takes advantage of ICQ; and CoolNow, Message from Jerry (also known as Hello), and Choke, which are all spread via MSN Messenger. So far, no viruses have successfully infected Yahoo Messenger.
Earlier this year, the security organization w00w00 reported two buffer overflows in AIM, the first in January and the second in April. These vulnerabilities, now patched by AOL, made it possible for an attacker to steal your buddy list and spread malicious code throughout the entire AIM community--as well as run malicious code on your computer.
ISS has published a white paper detailing the technical countermeasures system administrators might employ regarding AIM, MSN Messenger, Yahoo Messenger, and ICQ.
Ingevaldson says a lot of companies simply do not allow employees to use instant messengers on the job. Trouble is, the genie is out of the bottle. Instant messaging fills a niche between a phone call and e-mail--it's fast, and not too intrusive. Plus, it's hard to keep employees from installing it, and hard to stop them from using a proxy once they discover the default IM ports have been blocked. "

Like..the popular Yahoo Messenger automatically attempts to connect to non-blocked ports, including port 23, which is used for telnet.

"It is unlikely companies would block telnet," said Ingevaldson. "Yahoo Messenger was designed to make it difficult to block."
FOR TRULY SECURE corporate instant messaging, one alternative suggested by Ingevaldson is Communicator Hub software, which is currently used by Salomon Smith Barney, J.P. Morgan Chase, Merrill Lynch, Credit Suisse First Boston, Goldman Sachs, and other financial institutions. Communicator's instant messaging service traces user activity with identity management, content aggregation and management, and auditing tools.

Unfortunately, widespread use of encrypted instant messaging (either at the consumer or enterprise level) is not expected for a few years. In the meantime, Ingevaldson recommended Trillian, a chat app that connects users to all the major IM clients: AIM, ICQ, MSN Messenger, and Yahoo Messenger. Trillian offers 128-bit blowfish encryption for AIM and ICQ, something these products currently do not provide on their own.
Yet an even bigger threat to your security, said Ingevaldson, are the peer-to-peer file-sharing networks. Recently, KaZaa users faced a clever worm called Benjamin, which infected their computers with thousands of bogus files disguised as popular film, song, and game titles. Two years ago, Gnutella users faced a similar viral threat. Ingevaldson also said SubSeven (a Trojan horse) is all over these networks, and could open company networks to back-door script kiddie attacks.

The danger of allowing employees to use these file-sharing networks at the office goes beyond just viruses and malicious code, though. Hosting illegal copies of copyrighted material can open corporations to lawsuits, as well.
So many issues... there must be some way out.. now we have to find out ..the WAY
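
The port fallback mentioned above for Yahoo Messenger (retrying on non-blocked ports such as 23 once the default is blocked) leaves a recognisable pattern in firewall logs: several denied ports to one destination, then an allowed connection to the same destination. The following is an added example, not part of the original post or the quoted article; the log format, the addresses and the use of 5050 and 5101 as the blocked IM ports are assumptions.

```python
from collections import defaultdict

# Constructed firewall log lines (not from the article): epoch src dst dport action.
# Addresses and the blocked ports 5050/5101 are assumptions for illustration.
SAMPLE_LOG = """\
1143450000 10.0.0.21 198.51.100.7 5050 DENY
1143450002 10.0.0.21 198.51.100.7 5101 DENY
1143450004 10.0.0.21 198.51.100.7 23 ALLOW
1143450010 10.0.0.35 203.0.113.9 23 ALLOW
1143450020 10.0.0.40 198.51.100.7 5050 DENY
1143450900 10.0.0.40 198.51.100.7 23 ALLOW
"""

def parse(line):
    ts, src, dst, dport, action = line.split()
    return int(ts), src, dst, int(dport), action.upper()

def find_port_fallback(log_text, window=60, min_denied=2):
    """Return (src, dst, denied_ports, allowed_port) for each allowed connection
    that follows at least min_denied denied attempts on other ports to the
    same destination within `window` seconds."""
    denied = defaultdict(list)  # (src, dst) -> [(ts, port), ...]
    findings = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, src, dst, dport, action in events:
        key = (src, dst)
        if action == "DENY":
            denied[key].append((ts, dport))
            continue
        if action != "ALLOW":
            continue
        # Distinct ports recently refused for this pair, excluding the one now allowed.
        recent = sorted({p for t, p in denied[key] if ts - t <= window and p != dport})
        if len(recent) >= min_denied:
            findings.append((src, dst, recent, dport))
            denied[key].clear()  # do not report the same denials twice
    return findings

if __name__ == "__main__":
    for src, dst, ports, allowed in find_port_fallback(SAMPLE_LOG):
        print(f"{src} -> {dst}: blocked on {ports}, then connected on port {allowed}")
```

A plain telnet session (10.0.0.35) and a single denial followed much later by an allowed connection (10.0.0.40) are not flagged with the default thresholds.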
