| Author
|
who is listening to your MSN conversations?
|
v.v2
Started Topics :
9
Posts :
83
Posted : Mar 12, 2007 00:45
|
MSN messenger provides no security for its IMs, and everything is sent out in cleartext form. This means that anyone, not even a programmer, but anyone who can download simple softwares like msn monitor, cain or ethereal, and scores of others, can read all your msn conversations with anyone.
The answer is an encryption software like simplite.
Some here will ask - but who will ever want to read my shit? Well, the simple answer is why then dont you give out your email password...the reason is bcoz you want some privacy, and not being sure who intends what, its better to keep your house locked when you are not looking.
Simple test (i am making this vague for fear of abuse): u want to read someone's conversations...find their ip, sniff port 1863, analyse, and u are on!
Google simplite, its an easy and non-intrusive software (3mB)...to make it easier on u, use the interface tab to take out the baloons, the sounds and remove it from ur system tray...u will still have to enter password each time u activate it, but this is actually a good security measure...thats how simple simplite is! lol
It uses a rsa 2048 cipher, which will aprrox take a supercomputer about a million years to crack..govts, army, corporates, banks use it...it is as yet unbroken!
now thats security! 
ps: for it to work, the other person should also have it installed...this can be frustrating at times, but its surely catching on, so no harm getting it right now...another solution is to get the abc messenger (1.5 mb) but this is actually more hardwork conz u have to generate your own rsa key through pgp and then use another msn interface |
|
|
Pavel
Moderator
Started Topics :
313
Posts :
8649
Posted : Mar 12, 2007 20:03
|
And how will i know that this program doesn't do the same?
 Everyone in the world is doing something without me |
|
|
|
v.v2
Started Topics :
9
Posts :
83
Posted : Mar 13, 2007 08:30
|
you will know after a little research on the net (it is suggested by CHIP mag among others)...when u download the software, you have an option to install it through the PGP key...
look for rsa key and pgp in wikipedia
here is the site page - http://www.secway.fr/us/products/simplite_msn/
artists who share tracks on msn should keep in mind though that the lite version doesnt encrypt file sharing (so someone can still steal ur files)...for that atleast one party has to have the pro version |
|
|
|
juice
IsraTrance Full Member
Started Topics :
59
Posts :
2081
Posted : Mar 13, 2007 12:02
|
|
y they want to read some one else conversation...i don ve tht mch time nd no intrst either....
Studies indicate that listening to music is good for digestion. |
|
|
|
orange
Fat Data
Started Topics :
154
Posts :
3918
Posted : Mar 13, 2007 18:22
|
|
Pavel
Moderator
Started Topics :
313
Posts :
8649
Posted : Mar 13, 2007 21:30
|
Quote:
|
On 2007-03-13 08:30, v.v2 wrote:
you will know after a little research on the net (it is suggested by CHIP mag among others)...when u download the software, you have an option to install it through the PGP key...
look for rsa key and pgp in wikipedia
here is the site page - http://www.secway.fr/us/products/simplite_msn/
artists who share tracks on msn should keep in mind though that the lite version doesnt encrypt file sharing (so someone can still steal ur files)...for that atleast one party has to have the pro version
|
|
Why would i trust you or this site and not Microsoft?
Everyone in the world is doing something without me |
|
|
|
knocz
IsraTrance Junior Member
Started Topics :
40
Posts :
1151
Posted : Mar 14, 2007 01:30
|
Quote:
|
On 2007-03-13 21:30, Pavel wrote:
Why would i trust you or this site and not Microsoft?
|
|
LOL!!!!
Please give me one GOOD reason why to trust microsoft....
Pavel thinking like that you cant trust anything on the internet. Anyone can upload a site with some information and post their trojan virus, and your anti-virus probably wont detect it. Your firewall will..
-> If your conversation is so confidential that no one can see it, try downloading the prog and installing it. If your firewall or anti-virus starts alerting you about malicious software, uninstall the prog. If not, it should work just fine. (Except if the guy thats trying to spy on you knows that you have the prog).
-> If you dont care if some wacko goes paranoic or if someone has the patience to check your conversations, just don't do nothig. The prog would probably just use your cpu.
Either ways you probably keep a record (log) of your conversations and anyone who can enter your pc can access them. |
|
|
|
v.v2
Started Topics :
9
Posts :
83
Posted : Mar 14, 2007 04:11
|
Quote:
|
On:30, knocz wrote:
Either ways you probably keep a record (log) of your conversations and anyone who can enter your pc can access them.
|
|
The simple solution here is to lock/encrypt the folder where the chat logs are stored. Folder Lock is a good option. The simplest however is to routinely delete your logs - manually or with something like PC Confidential.
Quote:
|
On:30, Pavel wrote:
Why would i trust you or this site and not Microsoft?
|
|
Its good that you question things before you act. Let me answer this as briefly as possible -
It is not a question about trusting Microsoft or not. It is just that, as of now, MSN conversations are relayed in cleartext. Cleartext basically means plaintext without any encryption (wikipedia). And this is not what I am saying, but Micrsoft itself. See it on their site at this link -
http://www.microsoft.com/technet/prodtechnol/winxppro/evaluate/insid01.mspx (look in .NET Messenger Service)
The probable reason it is in cleartext now is because if they were to encrypt every message, the load on their servers would be tremendous, and also take the instant out of IMs So until they figure it out, why not get the add-on security feature? (btw- emails are sent over far more secure servers and hence provide some degree of security)
As for trusting me or this site, you don't have to. Now that you know that your IMs can be easily read, you can discover your own way of making them private. I looked around and found this to be the best solution.
Quote:
|
On:02, juice wrote:
y they want to read some one else conversation...i don ve tht mch time nd no intrst either....
|
|
The reasons can be many - simple fun being one. Other reasons can be that MSN now accounts for 40 percent of all IM traffic, hence very lucrative to spammers. Sniffers can monitor IMs for keywords and use it to spam you with related mails. The double problem with MSN is that, unlike other clients, it still uses one's email as authentication, which makes it much easier for spammers to reach you directly (if u use your hotmail for emails too, I dont!). It's also friggin easy - google for msn sniffer (most options are for your local network, but some wares also work for remote ones).
The moot point however is, privacy is a right, and the mooter one - better to be safe than sorry.
|
|
|
|
day_tripper
IsraTrance Junior Member
Started Topics :
28
Posts :
1120
Posted : Mar 14, 2007 19:22
|
Use Linux as your desktop environment guys; that should solve most of your security related issues.
As for someone sniffing your IM conversations, I suggest simply tunnel it over SSL( http://en.wikipedia.org/wiki/Secure_Sockets_Layer or TLS). I'm not sure if MSN has this feature (I don't use M$N  )
I use SSL for my Google talk and Jabber accounts!
Windows users could use this open source messaging client called Gaim (http://gaim.sourceforge.net/downloads.php), it supports SSL.
For those who don't trust me, go through the source and compile it yourself!
"It's not the fall that kills you; it's the sudden stop at the end." - Douglas Adams |
|
|
|
v.v2
Started Topics :
9
Posts :
83
Posted : Mar 14, 2007 21:19
|
|
but gaim is still using another interface isnt it, and that, for most, is an issue |
|
|
|
day_tripper
IsraTrance Junior Member
Started Topics :
28
Posts :
1120
Posted : Mar 15, 2007 05:41
|
I'm not quite sure what you mean by that, but Gaim uses a GTK graphics Engine, which many of the existing windows apps. use.
If you mean the OOBE or user experience, I'm afraid the user should adjust a little to get used to the Gaim interface- which is fairly generic.
If this much can't be done, then why bother about security?
PS: Personally, I feel security is a myth. There's no such thing as a 100% secure environment. It's like a condom with 100 holes, you patch 99, and it's as good as patching none 
"It's not the fall that kills you; it's the sudden stop at the end." - Douglas Adams |
|
|
|
Raziel
Started Topics :
2
Posts :
47
Posted : Mar 16, 2007 13:43
|
|
and why are you trying so much to convince us? |
|
|
|
