Vulnerability Development mailing list archives
Re: ICQ Spoofing Question (or second dumb question of the day)
From: Masial <masial () SECURED ORG>
Date: Wed, 20 Sep 2000 09:41:14 -0400
-----Original Message----- From: Robert van der Meulen Sent: Wednesday, September 20, 2000 4:58 AM
It is possible to send a change-password request after the client has connected to the server. It is imperative, though, that the client has not been 'active' after the connect (i.e. no send-trough-server messages recieved or sent), because of a serial-number guessing problem. Very probably it is possible to send a free-for-chat request/packet in the same manner.
Are you certain that this information is still valid? I certainly remember about this but it was awhile back with an older version of ICQ. I belive they fixed this server-side after much account stealing occured, thats too bad because i could have had my old UIN back (sub mil). I belive change-password now requires you to be authenticated with the icq server first. Or maybe im not understanding your point?
(Ofcourse everybody knows by now that ICQ is a braindead protocol that was meant to be broken from day #1)
I like the 'meant to' part, heh, but that would imply they were not incredibly clueless about internet. I remember a public statement they once stated someone had hacked icq accounts via a trojan JPEG image, uhh, yeah, ok (r33t). M.
Current thread:
- ICQ Spoofing Question (or second dumb question of the day) Leon Rosenstein (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Riley Hassell (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Sander Smeenk (CistroN Medewerker) (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 21)
- Re: ICQ Spoofing Question (or second dumb question of the day) dis (Sep 22)
- Message not available
- Re: ICQ Spoofing Question (or second dumb question of the day) Audun (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Bluefish (P.Magnusson) (Sep 23)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) 3APA3A (Sep 20)
- <Possible follow-ups>
- Re: ICQ Spoofing Question (or second dumb question of the day) Ozy --- (Sep 24)