discovered a security vulnerability
allaoua
New Member
Posts: 6
Joined: Jul 2010
|
O.P. discovered a security vulnerability
Hello everyone, a while ago I discovered a security vulnerability in the Messenger Live Plus software, which consists of recovering all the pages of chat logs of all users of Messenger Live Plus. For now I want to talk with Patchou about this software and the security measures.
Thank you for helping me to contact Patchou.
|
|
07-30-2010 11:43 AM |
|
|
Tochjo
forum super mod
Posts: 4207 Reputation: 78
Joined: Sep 2003
|
RE: discovered a security vulnerability
I believe the fastest way to contact him would be to send an email to patchou@msgpluslive.net, an address he himself has given out on these forums before.
|
|
07-30-2010 11:49 AM |
|
|
allaoua
New Member
Posts: 6
Joined: Jul 2010
|
O.P. RE: discovered a security vulnerability
Thank you man
|
|
07-30-2010 12:00 PM |
|
|
Patchou
Messenger Plus! Creator
Posts: 8607 Reputation: 201
Joined: Apr 2002
|
RE: discovered a security vulnerability
Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.
|
|
07-30-2010 03:48 PM |
|
|
matty
Scripting Guru
Posts: 8336 Reputation: 109
Joined: Dec 2002
|
RE: discovered a security vulnerability
quote: Originally posted by Patchou
Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.
I think the OP is referring to the feature "exposing" chat logs on your system to anyone who has access to it. However, it is your own responsibility to encrypt the chat logs.
Patchou:
Plus! 5 should ask the user if the computer is shared and force auto encryption on the logs. This will prevent such fake "vulnerability" reports.
|
|
07-30-2010 04:08 PM |
|
|
allaoua
New Member
Posts: 6
Joined: Jul 2010
|
O.P. RE: discovered a security vulnerability
The pages of chat logs are stored not only in your computer (even if it is already dangerous) but also in the computers of individual users of Messenger Live Plus, and that's the problem because it only takes a small Peer to Peer software to retrieve them, and I think this is illegal because no one wants to see his conversations read by others.
|
|
07-30-2010 04:37 PM |
|
|
Menthix
forum admin
Posts: 5537 Reputation: 102
Joined: Mar 2002
|
RE: discovered a security vulnerability
By that logic Microsoft's own chat logging functionality (or any Messenger client with chat logging for that matter) is "vulnerable" too.
quote: Originally posted by allaoua
because it only takes a small Peer to Peer software to retrieve them
Which the user would have to allow to happen locally. The user would need to have his security breached in another way first. This is not a security vulnerability in the Messenger Plus! software. It is the user's job to keep his local files local.
|
|
07-30-2010 05:36 PM |
|
|
allaoua
New Member
Posts: 6
Joined: Jul 2010
|
O.P. RE: discovered a security vulnerability
Precisely, the problem (in my opinion) is that Messenger Live Plus keeps the chat logs on the client side, and the client side, as everyone knows, is not safe; if it were on the server side instead, it would be better and more secure.
And for your information sir, a security vulnerability is anything that allows obtaining private information, and there are two kinds:
1-passive
2-active
and I think that my downloading your own conversation pages is not pleasant, and it is a passive attack.
I say one thing: Messenger Live Plus is solely responsible for this security hole, and MSN alone, without Messenger Live Plus, can never have this problem.
Thank you.
|
|
07-30-2010 07:36 PM |
|
|
Menthix
forum admin
Posts: 5537 Reputation: 102
Joined: Mar 2002
|
RE: discovered a security vulnerability
What makes you think chat logs are safer on a server? That's giving control over security away to an unknown party. What if the server gets hacked? Then the hacker in question will have access to all the chat logs instead of just those from a single person. Server-side storage makes it a much bigger target. And we'll still have to download the logs to our local machines to be able to view them; a person with access to the local machine will still be able to "steal" the log files as before.
quote: Originally posted by allaoua
MSN only without Messenger Live Plus can never have this problem.
Windows Live Messenger (as MSN has been called for years now) has its own chat logging functionality too; you don't need Messenger Plus! for that. Live Messenger's own chat logging also stores the log files locally. In a way Live Messenger's own logging functionality is less secure, because Messenger Plus! allows password protected log files, Live Messenger does not.
|
|
07-30-2010 07:47 PM |
|
|
allaoua
New Member
Posts: 6
Joined: Jul 2010
|
O.P. RE: discovered a security vulnerability
OK, that is your point of view, but still, downloading the pages of chat logs from other people is still a security hole.
And I will not enter into a conversation about the advantages / disadvantages of client side or server side.
But when I tried to download the pages of conversation history I managed to get lots of pages, and if I just use a more efficient way I can get more, much more. I think I did my duty to alert you, and it is up to you to see. Thank you.
|
|
07-30-2010 08:15 PM |
|
|