+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Topic: AIM clients - How to put the lockdown on security!

  1. #11
    sylikc is offline Junior Member
    Join Date
    Apr 2004
    Location
    .
    Posts
    3
    WhiteMateria

    that is an insanely long post, and it covers all the ins and outs of security.

    In item #6, you mentioned AIM Encrypt, which is inherently insecure because everyone uses the same certificate. AIMEncrypt.com's certificate or any other that anyone can download is a very insecure way to do encryption in AIM. Knowing the internals of public-key cryptography, everyone with the same key really isn't secure. You can do encryption with OpenSSL securely instead.

    Creating certificates with OpenSSL on Linux/Unix platforms are quite easy. But if you're using Windows, not all hope is lost. I've looked everywhere for instructions to create your own self-signed certificate, and since there isn't really a page out there that did it, I wrote my own.

    Here are some instructions to create your own self-signed certificate for AIM. You don't need anything special, I put up the binary that allows you to do it with OpenSSL. You can use any OpenSSL binary, I provide instructions on how to use your own binary as well. If the instructions scare you, there is a program (SSCC) provided that can do it all for you. It asks you for some info you want in your certificate, and with a few clicks, you'll be on your way.


    Then, after you create the .p12 package that AIM accepts, just import it and tell me what you think


    URL is at:

    http://secure.sylikc.net:8080/self_signed/
    or just http://sylikc.net/?secure, and find the HOWTO on the bottom.

    Now then you won't have to use a freely downloadable (insecure) certificate, just DIY.


    However, beyond that, all that stuff is extremely useful advice. Really neat post. Especially the part about explaining social engineering to get passwords and information

  2. #12
    shkbobo is offline Junior Member
    Join Date
    Oct 2004
    Location
    .
    Posts
    4
    [del]
    Last edited by shkbobo; 05-20-2010 at 01:32 PM.

  3. #13
    not2bright is offline Junior Member
    Join Date
    Jul 2005
    Posts
    1

    9. Two names at once
    While it may seem like a good thing it can also be an invasion of privacy. Unofficial AIM clients will NOT alert you of 2 or more people signed on your name. In fact AIM may not alert of you of this ethier. If another person is logged on as you they can see to EVERYTHING another person types to you. However they cannot hear what you type back to that person. Think in terms of a Y connection and you will see what I'm talking about.




    How would I know if someone signs in using my screen name? I guess what I am asking is which AIM clients do not alert?

    thank you

  4. #14
    user91c Guest
    Quote Originally Posted by not2bright
    How would I know if someone signs in using my screen name?
    now a days AOLSystemMsg (the screenname) should IM you if you are logged on in two places (which would also allow unofficial clients that support IM to send you a warning). if you are really paranoid you can send a "1" to AOLSystemMsg every time you login (manually). this will cause all other logons of your screenname to be signed off.

  5. #15
    Jason Doc is offline Junior Member
    Join Date
    Aug 2008
    Posts
    7
    Hey there WhiteMateria

    Can you PM me your AIM so I can tell you somthing?

    If not I can post it here

  6. #16
    andrebacher is offline Junior Member
    Join Date
    Jul 2010
    Posts
    2

    description

    where did you find such a complex description? good work!

+ Reply to Thread
Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Topics

  1. Latest & most useful AIM programs
    By Someguy03 in forum AIM Support
    Replies: 15
    Last Post: 10-05-2008, 02:15 PM
  2. Cyber Stalking - How to put the lockdown on it!
    By WhiteMateria in forum Online Privacy, Safety & Security
    Replies: 16
    Last Post: 03-05-2006, 08:22 PM
  3. Plenty of IM Security Holes Left to Plug
    By BigBlueBall News in forum General / Other IM News
    Replies: 0
    Last Post: 10-31-2003, 12:00 AM
  4. IMSecure Pro by ZoneLabs
    By BLACK HAT in forum Online Privacy, Safety & Security
    Replies: 2
    Last Post: 08-13-2003, 09:13 AM
  5. AOL IM Security Hole: Sign of Things To Come?
    By BigBlueBall News in forum AIM News
    Replies: 0
    Last Post: 10-05-2001, 12:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts