Re: icq accounts

[sven () DEVNULL VIP BR (Sven E. van 't Veer)]

> From what I have seen, hacks exist to allow you to add a user and get their
> real IP regardless of what their settings are as long as you know some
> criteria to search on which will yield their ICQ number. ICQ versions up to
> the latest one are vulnerable.
>
> Hello everybody...
>
> I have a question about icq and I think you'll have a word or two to say
> about it.
>
> By now, I know that someone with the suitable software can enter  any
> unprotected icq account
>
> and get the authorization to add their names to their contact list easily...
>
> But I don't know if any hacker can do this on anyone's icq account :
>
> In a white page search, allow only the off-line icq users to be displayed
> and
>
> prevent the on-line icq users from being displayed at the end of the
> search......
>
> Can a hacker do that kind of a thing?
>
> Are there any web sites that give information about such issues?
I use LICQ on my linuxbox and it lets me add any user I want without asking for
authorization, sure it gives me the option to ask for authorization if I really
want to, but it's not needed.

I can also send messages spoofing the UIN. I can Query the OS of the user do a a
finger, lookup hostname.

I don't use these options much, anyway it does hardly as good a job as nmap, so I
guess you don't have to be a hacker to do these things.

Sven


--
Sven E. van 't Veer, llm.
Departamento de Desenvolvimento
Brasil Informatica.
http://www.brvip.com.br