MSN Messenger sniffing and encryption

Posted By: prog_dotnet | Oct 12th, 2004 @ 11:42 AM
page 1 of 1
Comments: 11 | Views: 10750
#Oct 12th, 2004 @ 12:40 PM
Maurits
Maurits
AKA Matthew van Eerde
Am I missing something?  How does the recipient unencrypt the text?  Or do they have to be using SimpLite too?

If that's the case, Windows Privacy Tools can do this.

It would be nice if MSN offered encryption in conjunction with personal certificates.

Edit: Ah... I see... a centralized encryption system for corporate instant messaging across the public internet.  Very cool.
Almost as cool as running my own IM server would be.
#Oct 12th, 2004 @ 5:08 PM
prog_dotnet
prog_dotnet
you should give the msn sniffer a try...
http://www.effetech.com/msn-sniffer/

Microsoft truly rushed along without thinking at privacy conserns.




MSN sniffer is a handy network utility to capture MSN chat on network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analyzing.

It is very easy to make it to work. Just run the MSN sniffer on any computer on your network, and start to capture. It will record any conversation from any PC on the network. No additional program installation is needed on the monitoring target computers. Everything will be recorded without being detected. It is especially useful for administrators or parents, who need to monitor what their employees or kids are talking about with others.
---------------------------------



#Oct 12th, 2004 @ 5:10 PM
Maurits
Maurits
AKA Matthew van Eerde
Assuming you're not in a switched environment I would assume.
#Oct 12th, 2004 @ 5:32 PM
prog_dotnet
prog_dotnet

it depends on how the network are configured and if you have physial access to it.
The scary thing is that such products allways has a latency period before it hits the marked.

You can say the same ting for Microsoft efs encryption...
In all MOC curriculum, technet and security talks, ms talks about the need to enable efs to secure your documents...
But the problem is that efs are not secure, it leaks...
Actually you have an efs decrytion tool that enables you to decrypt efs at win boxes, even if syskey are enabled.

http://www.elcomsoft.com/aefsdr.html

There are a few restrictions on the product, but how many have them enabled. Only the few who actually have red the
Microsoft Security Resource Kit 

 
Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000, Windows XP and Windows Server 2003. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions Windows Server 2003 (Standard and Enterprise), Windows XP (including Service Pack 1) and Windows 2000 (including Service Packs 1, 2, 3 and 4).

 

#Jun 10th, 2006 @ 7:48 AM
cheong
cheong
That's one of the reasons why I nearly always "ssh" to another server then "ssh" to our private bbs server... Tongue Out

That's a lot more secure than the MSN messenger...
#Jun 10th, 2006 @ 8:04 AM
W3bbo
W3bbo
The Master of Baiters
ajivanet wrote:
I like to use the soft to monitor my children
http://www.ajivasoft.com/msn-chat-monitor.htm


Says a lot about how much you trust your children, I certainly wouldn't act in kind if my parents activly monitored my online activities...perhaps even dispising them and trying even harder to preserve my privacy.

Just because someone's aged under 18 doesn't mean they don't have the right to privacy.

#Jun 10th, 2006 @ 3:39 PM
Riddles In The Dark
Riddles In The Dark

i would imagine that microsoft Messenger Live would implement some sort of encryption

I am surprised that there is not encryption so far

#Jun 11th, 2006 @ 10:44 PM
Shark_M
Shark_M
why is the internet does not use an encryption protocol?

like use HTTPS for all browsing

user SSL in ever communication?

Why not
#Jun 11th, 2006 @ 10:56 PM
Manip
Manip
Shark_M wrote:
why is the internet does not use an encryption protocol?

like use HTTPS for all browsing

user SSL in ever communication?

Why not


Two reasons that immediately come to mind are cost, and speed.

All SSL connections require a valid SSL certificate, from a evil company like Verisign, which can charge up-wards of $100 per year.

Encrypted protocols don't encrypt things 1 to 1, because it would be far easier to crack... Instead they encrypt things to fixed length strings... Which makes them secure but at the same time slow.
#Jun 12th, 2006 @ 12:02 AM
blowdart
blowdart
Peek-a-boo
Manip wrote:




All SSL connections require a valid SSL certificate, from a evil company like Verisign, which can charge up-wards of $100 per year.


No they don't. Self signed certs are fine for most things, especially code you write yourself, because you know you can trust the root you self sign from. Heck, it's only because IE prompts you that you'd know the difference. If your software doesn't prompt then there's not much difference.
page 1 of 1
Comments: 11 | Views: 10750
Microsoft Communities