Vulnerability Development mailing list archives
Re: ICQ Spoofing Question (or second dumb question of the day)
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Thu, 21 Sep 2000 12:06:21 +0200
Hi, Quoting Masial (masial () SECURED ORG):
Are you certain that this information is still valid? I certainly remember about this but it was awhile back with an older version of ICQ. I belive they fixed this server-side after much account stealing occured, thats too bad because i could have had my old UIN back (sub mil). I belive change-password now requires you to be authenticated with the icq server first. Or maybe im not understanding your point?
Yep - and that's why the client has to be in an inactive state from the moment it logs on to the moment you try to spoof the request.. You profit from the client-authentication, and spoof the password-change request, and it works because the client is readily authenticated.
I remember a public statement they once stated someone had hacked icq accounts via a trojan JPEG image, uhh, yeah, ok (r33t).
I'm curious about how they did _that_ :) don't recall reading anything about that... Greets, Robert -- | rvdm () cistron nl - Cistron Internet Services - www.cistron.nl | | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | If you can't learn to do it well, learn to enjoy doing it badly.
Current thread:
- ICQ Spoofing Question (or second dumb question of the day) Leon Rosenstein (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Riley Hassell (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Sander Smeenk (CistroN Medewerker) (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 21)
- Re: ICQ Spoofing Question (or second dumb question of the day) dis (Sep 22)
- Message not available
- Re: ICQ Spoofing Question (or second dumb question of the day) Audun (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Bluefish (P.Magnusson) (Sep 23)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) 3APA3A (Sep 20)
- <Possible follow-ups>
- Re: ICQ Spoofing Question (or second dumb question of the day) Ozy --- (Sep 24)