04-02-2004, 06:33 AM
|
|||
|
|||
|
WhiteMateria
that is an insanely long post, and it covers all the ins and outs of security. In item #6, you mentioned AIM Encrypt, which is inherently insecure because everyone uses the same certificate. AIMEncrypt.com's certificate or any other that anyone can download is a very insecure way to do encryption in AIM. Knowing the internals of public-key cryptography, everyone with the same key really isn't secure. You can do encryption with OpenSSL securely instead. Creating certificates with OpenSSL on Linux/Unix platforms are quite easy. But if you're using Windows, not all hope is lost. I've looked everywhere for instructions to create your own self-signed certificate, and since there isn't really a page out there that did it, I wrote my own. Here are some instructions to create your own self-signed certificate for AIM. You don't need anything special, I put up the binary that allows you to do it with OpenSSL. You can use any OpenSSL binary, I provide instructions on how to use your own binary as well. If the instructions scare you, there is a program (SSCC) provided that can do it all for you. It asks you for some info you want in your certificate, and with a few clicks, you'll be on your way. Then, after you create the .p12 package that AIM accepts, just import it and tell me what you think  URL is at: http://secure.sylikc.net:8080/self_signed/ or just http://sylikc.net/?secure, and find the HOWTO on the bottom. Now then you won't have to use a freely downloadable (insecure) certificate, just DIY. However, beyond that, all that stuff is extremely useful advice. Really neat post. Especially the part about explaining social engineering to get passwords and information
|
|
10-04-2004, 11:47 PM
|
|||
|
|||
|
Nice post but damn your screenname has to be like the same calibre of significance as say - the pin number of your main credit card for that kind of security lol. Nice way to put it all together though, most of the knowledge I have about AIM securities are there and if I know anything besides that its just details that addon to that. Good job, btw I recommend Steganos Security Suite (newest generation 7?). It has a password generator where you can select the exact specs of your password [use lowercase, use uppercase, use numbers, use special characters (alt codes, ASCII, unicode?), and select the number of characters (up to 100). When full options are selected I believe a 21 character password (132 bits) would be unbreakable even by, as they say "secret services (MAXIMUM security)." Now you can IM your local FBI agent and tell him you talk to osama bin laden daily - although he will probably have a wiretap in before you wake up the next morning, what a shame. Also, steganos comes with superb security features along with a password manager to safely store those nice 16 random character passwords...but yes I know...most of you can easily remember those. xD
|
|
07-30-2005, 07:11 PM
|
|||
|
|||
|
Quote:
How would I know if someone signs in using my screen name? I guess what I am asking is which AIM clients do not alert? thank you
|
|
07-31-2005, 05:17 PM
|
|||
|
|||
|
Quote:
|
 |
«
Previous Topic
|
Next Topic
»
| Currently Active Users Viewing This Topic: 1 (0 members and 1 guests) | |
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Latest & most useful AIM programs | Someguy03 | AIM Support | 15 | 10-05-2008 03:15 PM |
| Cyber Stalking - How to put the lockdown on it! | WhiteMateria | Online Privacy, Safety & Security | 16 | 03-05-2006 09:22 PM |
| Plenty of IM Security Holes Left to Plug | BigBlueBall News | General / Other IM News | 0 | 10-31-2003 01:00 AM |
| IMSecure Pro by ZoneLabs | BLACK HAT | Online Privacy, Safety & Security | 2 | 08-13-2003 10:13 AM |
| AOL IM Security Hole: Sign of Things To Come? | BigBlueBall News | AIM News | 0 | 10-05-2001 01:00 AM |
All times are GMT -5. The time now is 08:55 PM.
