Tech Off Thread

12 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

MSN Messenger sniffing and encryption

Back to Forum: Tech Off
  • User profile image
    prog_dotnet
  • User profile image
    Maurits

    Am I missing something?  How does the recipient unencrypt the text?  Or do they have to be using SimpLite too?

    If that's the case, Windows Privacy Tools can do this.

    It would be nice if MSN offered encryption in conjunction with personal certificates.

    Edit: Ah... I see... a centralized encryption system for corporate instant messaging across the public internet.  Very cool.
    Almost as cool as running my own IM server would be.

  • User profile image
    prog_dotnet

    you should give the msn sniffer a try...
    http://www.effetech.com/msn-sniffer/

    Microsoft truly rushed along without thinking at privacy conserns.




    MSN sniffer is a handy network utility to capture MSN chat on network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analyzing.

    It is very easy to make it to work. Just run the MSN sniffer on any computer on your network, and start to capture. It will record any conversation from any PC on the network. No additional program installation is needed on the monitoring target computers. Everything will be recorded without being detected. It is especially useful for administrators or parents, who need to monitor what their employees or kids are talking about with others.
    ---------------------------------



  • User profile image
    Maurits

    Assuming you're not in a switched environment I would assume.

  • User profile image
    prog_dotnet

    it depends on how the network are configured and if you have physial access to it.
    The scary thing is that such products allways has a latency period before it hits the marked.

    You can say the same ting for Microsoft efs encryption...
    In all MOC curriculum, technet and security talks, ms talks about the need to enable efs to secure your documents...
    But the problem is that efs are not secure, it leaks...
    Actually you have an efs decrytion tool that enables you to decrypt efs at win boxes, even if syskey are enabled.

    http://www.elcomsoft.com/aefsdr.html

    There are a few restrictions on the product, but how many have them enabled. Only the few who actually have red the
    Microsoft Security Resource Kit 

     
    Advanced EFS Data Recovery (or simply AEFSDR) is a program to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2000, Windows XP and Windows Server 2003. Files are being decrypted even in a case when the system is not bootable and so you cannot log on, and/or some encryption keys have been tampered. Besides, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions Windows Server 2003 (Standard and Enterprise), Windows XP (including Service Pack 1) and Windows 2000 (including Service Packs 1, 2, 3 and 4).

     

  • User profile image
    ajivanet

    I like to use the soft to monitor my children
    http://www.ajivasoft.com/msn-chat-monitor.htm

  • User profile image
    cheong

    That's one of the reasons why I nearly always "ssh" to another server then "ssh" to our private bbs server... Tongue Out

    That's a lot more secure than the MSN messenger...

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    W3bbo

    ajivanet wrote:
    I like to use the soft to monitor my children
    http://www.ajivasoft.com/msn-chat-monitor.htm


    Says a lot about how much you trust your children, I certainly wouldn't act in kind if my parents activly monitored my online activities...perhaps even dispising them and trying even harder to preserve my privacy.

    Just because someone's aged under 18 doesn't mean they don't have the right to privacy.

  • User profile image
    Riddles In The Dark

    i would imagine that microsoft Messenger Live would implement some sort of encryption

    I am surprised that there is not encryption so far

  • User profile image
    Shark_M

    why is the internet does not use an encryption protocol?

    like use HTTPS for all browsing

    user SSL in ever communication?

    Why not

  • User profile image
    Manip

    Shark_M wrote:
    why is the internet does not use an encryption protocol?

    like use HTTPS for all browsing

    user SSL in ever communication?

    Why not


    Two reasons that immediately come to mind are cost, and speed.

    All SSL connections require a valid SSL certificate, from a evil company like Verisign, which can charge up-wards of $100 per year.

    Encrypted protocols don't encrypt things 1 to 1, because it would be far easier to crack... Instead they encrypt things to fixed length strings... Which makes them secure but at the same time slow.

  • User profile image
    blowdart

    Manip wrote:
    



    All SSL connections require a valid SSL certificate, from a evil company like Verisign, which can charge up-wards of $100 per year.


    No they don't. Self signed certs are fine for most things, especially code you write yourself, because you know you can trust the root you self sign from. Heck, it's only because IE prompts you that you'd know the difference. If your software doesn't prompt then there's not much difference.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.