[icq-devel] security flaw



Micha armageddon at raydan.de
Wed Apr 10 17:39:56 CEST 2002


How does this bug work ?
Is it a normal SNAC or is it over DC ?

-micha

----- Original Message ----- 
From: "Massimo Melina" <rejetto at libero.it>
To: "icq-devel" <icq-devel at blipp.com>
Sent: Monday, April 08, 2002 1:34 AM
Subject: [icq-devel] security flaw


> cut&paste of a piece of my reply to the icq support team
> 
> IO> We apologize but currently such an option is unavailable.
> 
> what option?
> it  was  not  a question but a statement. icq servers let other people
> know  if  i'm online, also in invisible mode, cause of a security flaw
> in  the  protocol. that is, everyone is able to know if another UIN is
> really online, also in invisible mode.
> 
> Of  course  ICQ  client  doesn't say it, but with other software it is
> possible. But no additional software is really needed, for an advanced
> user, only watch data exchanged with the server.
> 
> I hope this security flaw will be fixed, and i'm available to explain
> better if you need it. Please, is an important privacy matter.
> 
> 
> -- 
> Massimo Melina
> 
> -------------------------------------------------
> icq-devel - The forum for ICQ protocol discussion
> For unsubscribe and other mailing list info, see:
> http://www.d.kth.se/~d95-mih/icq/icq-devel/
> 
> 




More information about the icq-devel mailing list