WhiteMateria
that is an insanely long post, and it covers all the ins and outs of security.
In item #6, you mentioned AIM Encrypt, which is inherently insecure because everyone uses the same certificate. AIMEncrypt.com's certificate or any other that anyone can download is a very insecure way to do encryption in AIM. Knowing the internals of public-key cryptography, everyone with the same key really isn't secure. You can do encryption with OpenSSL securely instead.
Creating certificates with OpenSSL on Linux/Unix platforms are quite easy. But if you're using Windows, not all hope is lost. I've looked everywhere for instructions to create your own self-signed certificate, and since there isn't really a page out there that did it, I wrote my own.
Here are some instructions to create your own self-signed certificate for AIM. You don't need anything special, I put up the binary that allows you to do it with OpenSSL. You can use any OpenSSL binary, I provide instructions on how to use your own binary as well. If the instructions scare you, there is a program (SSCC) provided that can do it all for you. It asks you for some info you want in your certificate, and with a few clicks, you'll be on your way.
Then, after you create the .p12 package that AIM accepts, just import it and tell me what you think
URL is at:
http://secure.sylikc.net:8080/self_signed/
or just
http://sylikc.net/?secure, and find the HOWTO on the bottom.
Now then you won't have to use a freely downloadable (insecure) certificate, just DIY.
However, beyond that, all that stuff is extremely useful advice. Really neat post. Especially the part about explaining social engineering to get passwords and information
