From the Windows & .Net Magazine Network Magazine Update, 9/19 - A Suburbs Boy Living a Country Life
September 19th, 2002
11:31 am

Since I use Trillian and recommend it, I thought I'd post this.

This is not an "over the wire" exploit--however, if you share your machine with others they could use this technique by compiling the sample code and running it on your machine to discover your IM passwords...

* WEAK PASSWORD ENCRYPTION VULNERABILITY IN CERULEAN STUDIOS' TRILLIAN INSTANT MESSENGER
A vulnerability exists in the Trillian Instant Messaging (IM) client that can let an attacker exploit a weakness in the encryption scheme the software uses to store user authentication credentials. The software uses exclusive OR (XOR) encryption with the same static key for every installation to encrypt these credentials. A local attacker can exploit this weakness to gain access to another user's IM credentials. The vendor, Cerulean Studios, has not issued a fix or patch for this vulnerability. For a detailed explanation of the risks and proof-of-concept code, be sure to visit our Web site.
http://www.secadministrator.com/articles/index.cfm?articleid=26690
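
The weakness described in the update, shown as an added example that is not part of the original post or the magazine's proof-of-concept: a check, run against test accounts you control, for whether a credential store XORs passwords with one key shared by every installation. The keys, passwords and function names are constructed for illustration; Trillian's actual key and storage format are not on this page.

```python
from itertools import cycle

# Constructed stand-in keys; the product's real key is not given on this page.
SHARED_KEY = bytes.fromhex("a3195c7e02d4")
INSTALL_KEYS = [bytes.fromhex("5b0e91c4"), bytes.fromhex("f2a7336d")]

def xor_store(password: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the storage scheme the update describes."""
    return bytes(b ^ k for b, k in zip(password, cycle(key)))

def implied_keystream(password: bytes, stored: bytes) -> bytes:
    """Keystream exposed by one known (password, stored value) pair."""
    if len(password) != len(stored):
        raise ValueError("stored value is not a byte-for-byte XOR of the password")
    return bytes(p ^ s for p, s in zip(password, stored))

def shares_static_keystream(pairs) -> bool:
    """True when every test pair implies the same keystream prefix."""
    streams = [implied_keystream(p, s) for p, s in pairs]
    if not streams:
        return False
    n = min(len(s) for s in streams)
    return n > 0 and all(s[:n] == streams[0][:n] for s in streams)

def audit():
    tests = [b"test-account-one", b"second-test-acct"]  # constructed test passwords
    # Same key on both "installations": the condition reported in the update.
    weak = [(p, xor_store(p, SHARED_KEY)) for p in tests]
    # A different key per installation, for comparison.
    keyed = [(p, xor_store(p, k)) for p, k in zip(tests, INSTALL_KEYS)]
    # Why the finding matters: the keystream from one test account
    # reads another account's stored value without knowing the key.
    other_stored = xor_store(b"hunter2", SHARED_KEY)
    keystream = implied_keystream(*weak[0])
    exposed = bytes(c ^ k for c, k in zip(other_stored, keystream))
    return shares_static_keystream(weak), shares_static_keystream(keyed), exposed

if __name__ == "__main__":
    print(audit())
```

A False result only rules out a shared key; repeating-key XOR with any key kept beside the data is still obfuscation rather than encryption.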


Comments
 
From:(Anonymous)
Date:September 22nd, 2002 10:38 pm (UTC)

Right; I am actually reading your journal. I figured you didn't know that. No real comment as to the post. There was a restaurant here in Boulder named Trillian's. They closed. It's too bad, because they had great fish n' chips and I won a very ugly towel during a Vogon poetry contest.
Donna Hirsch
From:happypete
Date:September 27th, 2002 08:43 am (UTC)

Boo!

Hi, Donna!

Missed you. Where you at these days?

Do you have an LJ of your own?