Vulnerability Development mailing list archives
Re: icq accounts
From: sven () DEVNULL VIP BR (Sven E. van 't Veer)
Date: Mon, 22 Nov 1999 20:38:23 +0000
From what I have seen, hacks exist to allow you to add a user and get their real IP regardless of what their settings are as long as you know some criteria to search on which will yield their ICQ number. ICQ versions up to the latest one are vulnerable. Hello everybody... I have a question about icq and I think you'll have a word or two to say about it. By now, I know that someone with the suitable software can enter any unprotected icq account and get the authorization to add their names to their contact list easily... But I don't know if any hacker can do this on anyone's icq account : In a white page search, allow only the off-line icq users to be displayed and prevent the on-line icq users from being displayed at the end of the search...... Can a hacker do that kind of a thing? Are there any web sites that give information about such issues?
I use LICQ on my linuxbox and it lets me add any user I want without asking for authorization, sure it gives me the option to ask for authorization if I really want to, but it's not needed. I can also send messages spoofing the UIN. I can Query the OS of the user do a a finger, lookup hostname. I don't use these options much, anyway it does hardly as good a job as nmap, so I guess you don't have to be a hacker to do these things. Sven -- Sven E. van 't Veer, llm. Departamento de Desenvolvimento Brasil Informatica. http://www.brvip.com.br
Current thread:
- icq accounts Ömer Özta (Nov 20)
- <Possible follow-ups>
- Re: icq accounts Zimmerman, Eric - CIS (Nov 22)
- Re: icq accounts Sven E. van 't Veer (Nov 22)
- Re: icq accounts Seth R Arnold (Nov 22)
- Re: icq accounts Arturo Busleiman (Nov 22)
- lanma256.bmp/lanmannt.bmp security risk? Mike Blomgren (Nov 24)
- Re: lanma256.bmp/lanmannt.bmp security risk? Marc Esipovich (Nov 24)
- SSH exploit Gerardo Richarte (Nov 24)
- Re: icq accounts Sven E. van 't Veer (Nov 22)