From the Windows & .Net Magazine Network Magazine Update, 9/19 - A Suburbs Boy Living a Country Life — LiveJournal
[My Flickr Photos]
From the Windows & .Net Magazine Network Magazine Update, 9/19|
Since I use Trillian and recommend it, I thought I'd post this.
This is not an "over the wire" exploit--however, if you share you machine with others they could use this technique by compiling the sample code and running it on your machine to discover your IM passwords...
* WEAK PASSWORD ENCRYPTION VULNERABILITY IN CERULEAN STUDIOS' TRILLIAN INSTANT MESSENGER
A vulnerability exists in the Trillian Instant Messaging (IM) client that can let an attacker exploit a weakness in the encryption scheme the software uses to store user authentication credentials. The software uses exclusive OR (XOR) encryption with the same static key for every installation to encrypt these credentials. A local attacker can exploit this weakness to gain access to another user's IM credentials. The vendor, Cerulean Studios, has not issued a fix or patch for this vulnerability. For a detailed explanation of the risks and proof-of-concept code, be sure to visit our Web site.
|Date:||September 22nd, 2002 10:38 pm (UTC)|| |
Right; I am actually reading your journal. I figured you didn't know that. No real comment as to the post. There was a restaurant here in Boulder named Trillian's. They closed. Its too bad, because they had great fish n' chips and I won a very ugly towel during a Vogon poetry contest.
|Date:||September 27th, 2002 08:43 am (UTC)|| |
Missed you. Where you at these days?
Do you have an LJ of your own?