[icq-devel] security flaw



Massimo Melina rejetto at libero.it
Mon Apr 8 01:34:13 CEST 2002


cut&paste of a piece of my reply to the icq support team

IO> We apologize but currently such an option is unavailable.

what option?
it  was  not  a question but a statement. icq servers let other people
know  if  i'm online, also in invisible mode, cause of a security flaw
in  the  protocol. that is, everyone is able to know if another UIN is
really online, also in invisible mode.

Of  course  ICQ  client  doesn't say it, but with other software it is
possible. But no additional software is really needed, for an advanced
user, only watch data exchanged with the server.

I hope this security flaw will be fixed, and i'm available to explain
better if you need it. Please, is an important privacy matter.


-- 
Massimo Melina




More information about the icq-devel mailing list