Hello everyone, a while ago I discovered a  discovered a security vulnerability in the software of messenger live plus who is to recover all the pages of chat logs of all users of messenger live plus, for now I want to talk with Patchou of this software and the security measures.

Thank you for helping me to contact Patchou.

I believe the fastest way to contact him would be to send an email to patchou@msgpluslive.net, an address he himself has given out on these forums before.

Thank you man

Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.

quote:

---

Originally posted by Patchou
Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.

---

The pages of chat logs are stored not only in your computer (even if it is already dangerous) but also in the computers of individual users of Messenger  Live Plus, and that's the problem because it only takes a small Peer to Peer software to retrieve them, and I think this is illegal because no one wants to see his conversations read by others.

By that logic Microsoft's own chat logging functionality (or any Messenger client with chat logging for that matter) is "vulnerable" too.

quote:

---

Originally posted by allaoua
because it only takes a small Peer to Peer software to retrieve them

---

Precisely, that's the problem (in my opinion) is that Messenger Live Plus keeps the chat logs on the client side, client side and as everyone knows is not sure if was by cons server side it will be better and more secure.

And for your information sir, a security vulnerability is anything allowing to have private informations and there are two kinds:

1-passive
2-active

and I think that I downloaded your own pages conversations is not pleasant and it is a passive attack.

I say one thing, Messenger Live Plus is the sole responsibility of this security hole, and MSN only without Messenger Live Plus can never have this problem.

Thank you.

What makes you think chat logs are saver on a server, that's giving control over security away to an unknown party. What if the server gets hacked? Then the hacker in question will have access over all the chat logs instead of just those from a single person. Server-side storage makes it a much bigger target. And we'll still have to download the logs to our local machines to be able to view it, a person with access to the local macine will still be able to "steal" the log files as before.

quote:

---

Originally posted by allaoua
MSN only without Messenger Live Plus can never have this problem.

---

Ok that is your point of view, but still download the pages of chat logs from other people is still a security hole.

and I will not enter into a conversation about the advantages / disadvantages of client side or server side.

Most me when I try to download the pages of history conversations I managed to have lots of pages, and if I use just a way i can get more efficient, much more, I think I ' I did my duty to alert you and you to see, thank you.

It is the users responsibility to secure the logs not that of Messenger Plus! or Windows Live Messneger. Your chat logs are recorded in an unencrypted state by Windows Live Messenger. Messenger Plus! at least allows you to encrypt them.

quote:

---

Originally posted by allaoua
download the pages of chat logs from other people is still a security hole

---

allaoua, Are you saying there is a security flaw in Microsoft Word? Because when I save my documents it stores them on the local hard drive where any piece of malicious software could access them. The same goes for almost any other application you run on a computer.

If you need to keep your conversation secure, have it face to face in a private place.

Mr. Matty is a big mistake to say that the user to protect their data, computer, nothing is left efcape when an application is released in final version, we see the computer user's most igniorant and beast  possible.

For you Mr Menthix
No they are not a security problem, but that's just the principle of Peer to Peer is its architecture is like that, and say it's illegal or not is another matter, but what Messenger Live Plus it makes the sparks that blew everything.

I think this thread can be summed up with one picture:




According to your logic, as far as I understood it, storing documents like chat logs in the "My Documents" folder is a security vulnerability because some people might accidentally share that folder with peer-to-peer applications?  (people still use those? o_0)

Everything you communicate with others via the internet can be logged by the receiver and there's no way Plus! could prevent that.

quote:

---

Originally posted by allaoua
Messenger Plus Live is the default save location in acceissible by software Peer to Peer

---

quote:

---

Originally posted by allaoua
the greater part of the user logins do not even know not that there are conversations in their "My Documents"

---

quote:

---

Originally posted by allaoua
if I must contact Microsoft to alert them to a fault I have no hesitation

---

oops i guess i should alert hp too, my scanner is sending all the scans to a folder inside My Documents . Same for my webcam And Matlab, and Skype...

Obvious troll is obvious...

just ignore him... it's retarded that you still argue with this obvious "security expert".

O.o Another newb. Now there's two of us

quote:

---

Originally posted by allaoua
Mr. Matty is a big mistake to say that the user to protect their data, computer, nothing is left efcape when an application is released in final version, we see the computer user's most igniorant and beast  possible.

---