Vulnerability Development mailing list archives
Re: ICQ Spoofing Question (or second dumb question of the day)
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 23 Sep 2000 15:01:04 +0200
Now, I do agree that hacking icq accounts by the aid of JPEG is extremly far fetched, but actually possible? A number of netscape versions (perhaps other softwares as well) had an exploitable overflow in the JPEG handling. Assuming that someone wrote a kit which was designed to aid in an attack somehow (shellcode which actually grabs icq passwords sounds a bit hard to code though), attackers could actively use JPEGs for this. The obvious question is then why the bug was fixed so much later if it was know back then :) Or why it wasn't widely abused by the masses.
(Ofcourse everybody knows by now that ICQ is a braindead protocol that was meant to be broken from day #1)I like the 'meant to' part, heh, but that would imply they were not incredibly clueless about internet. I remember a public statement they once stated someone had hacked icq accounts via a trojan JPEG image, uhh, yeah, ok (r33t).
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe
Current thread:
- ICQ Spoofing Question (or second dumb question of the day) Leon Rosenstein (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Riley Hassell (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) Sander Smeenk (CistroN Medewerker) (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 20)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 21)
- Re: ICQ Spoofing Question (or second dumb question of the day) dis (Sep 22)
- Message not available
- Re: ICQ Spoofing Question (or second dumb question of the day) Audun (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Bluefish (P.Magnusson) (Sep 23)
- Re: ICQ Spoofing Question (or second dumb question of the day) Masial (Sep 24)
- Re: ICQ Spoofing Question (or second dumb question of the day) Robert van der Meulen (Sep 19)
- Re: ICQ Spoofing Question (or second dumb question of the day) 3APA3A (Sep 20)
- <Possible follow-ups>
- Re: ICQ Spoofing Question (or second dumb question of the day) Ozy --- (Sep 24)