that is an insanely long post, and it covers all the ins and outs of security.
In item #6, you mentioned AIM Encrypt, which is inherently insecure because everyone uses the same certificate. AIMEncrypt.com's certificate or any other that anyone can download is a very insecure way to do encryption in AIM. Knowing the internals of public-key cryptography, everyone with the same key really isn't secure. You can do encryption with OpenSSL securely instead.
Creating certificates with OpenSSL on Linux/Unix platforms are quite easy. But if you're using Windows, not all hope is lost. I've looked everywhere for instructions to create your own self-signed certificate, and since there isn't really a page out there that did it, I wrote my own.
Here are some instructions to create your own self-signed certificate for AIM. You don't need anything special, I put up the binary that allows you to do it with OpenSSL. You can use any OpenSSL binary, I provide instructions on how to use your own binary as well. If the instructions scare you, there is a program (SSCC) provided that can do it all for you. It asks you for some info you want in your certificate, and with a few clicks, you'll be on your way.
Then, after you create the .p12 package that AIM accepts, just import it and tell me what you think
URL is at:
or just http://sylikc.net/?secure, and find the HOWTO on the bottom.
Now then you won't have to use a freely downloadable (insecure) certificate, just DIY.
However, beyond that, all that stuff is extremely useful advice. Really neat post. Especially the part about explaining social engineering to get passwords and information
Last edited by shkbobo; 05-20-2010 at 01:32 PM.
9. Two names at once
While it may seem like a good thing it can also be an invasion of privacy. Unofficial AIM clients will NOT alert you of 2 or more people signed on your name. In fact AIM may not alert of you of this ethier. If another person is logged on as you they can see to EVERYTHING another person types to you. However they cannot hear what you type back to that person. Think in terms of a Y connection and you will see what I'm talking about.
How would I know if someone signs in using my screen name? I guess what I am asking is which AIM clients do not alert?
now a days AOLSystemMsg (the screenname) should IM you if you are logged on in two places (which would also allow unofficial clients that support IM to send you a warning). if you are really paranoid you can send a "1" to AOLSystemMsg every time you login (manually). this will cause all other logons of your screenname to be signed off.Originally Posted by not2bright
Hey there WhiteMateria
Can you PM me your AIM so I can tell you somthing?
If not I can post it here
where did you find such a complex description? good work!
There are currently 1 users browsing this thread. (0 members and 1 guests)