What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! General » discovered a security vulnerability

Pages: (2): « First [ 1 ] 2 » Last »
discovered a security vulnerability
Author: Message:
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. discovered a security vulnerability
Hello everyone, a while ago I discovered a  discovered a security vulnerability in the software of messenger live plus who is to recover all the pages of chat logs of all users of messenger live plus, for now I want to talk with Patchou of this software and the security measures.

Thank you for helping me to contact Patchou.
07-30-2010 11:43 AM
Profile PM Find Quote Report
Tochjo
forum super mod
******

Avatar

Posts: 4205
Reputation: 78
37 / Male / Flag
Joined: Sep 2003
RE: discovered a security vulnerability
I believe the fastest way to contact him would be to send an email to patchou@msgpluslive.net, an address he himself has given out on these forums before.
07-30-2010 11:49 AM
Profile PM Find Quote Report
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. RE: discovered a security vulnerability
Thank you man ;)
07-30-2010 12:00 PM
Profile PM Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: discovered a security vulnerability
Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.
[Image: signature2.gif]
07-30-2010 03:48 PM
Profile PM Web Find Quote Report
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
RE: discovered a security vulnerability
quote:
Originally posted by Patchou
Chat logs of all users on a computer are stored in My Documents. Can you give more information about the "vulnerability" you found? Thanks.
I think the OP is refering to the feature "exposing" chat logs on your system to anyone who has access to it. However it is your own responsibility to encrypt the chat logs.

Patchou:
Plus! 5 should ask the user if the computer is shared and force auto encryption on the logs. This will prevent such fake "vulnerability" report.
07-30-2010 04:08 PM
Profile E-Mail PM Find Quote Report
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. RE: discovered a security vulnerability
The pages of chat logs are stored not only in your computer (even if it is already dangerous) but also in the computers of individual users of Messenger  Live Plus, and that's the problem because it only takes a small Peer to Peer software to retrieve them, and I think this is illegal because no one wants to see his conversations read by others.
07-30-2010 04:37 PM
Profile PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: discovered a security vulnerability
By that logic Microsoft's own chat logging functionality (or any Messenger client with chat logging for that matter) is "vulnerable" too.

quote:
Originally posted by allaoua
because it only takes a small Peer to Peer software to retrieve them
Which the user would have to allow to happen locally. The user would need to have his security breached in another way first. This is not a security vulnerability in the Messenger Plus! software. It is the user's job to keep his local files local.
Finish the problem
Menthix.net | Contact Me
07-30-2010 05:36 PM
Profile E-Mail PM Web Find Quote Report
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. RE: discovered a security vulnerability
Precisely, that's the problem (in my opinion) is that Messenger Live Plus keeps the chat logs on the client side, client side and as everyone knows is not sure if was by cons server side it will be better and more secure.

And for your information sir, a security vulnerability is anything allowing to have private informations and there are two kinds:

1-passive
2-active

and I think that I downloaded your own pages conversations is not pleasant and it is a passive attack.

I say one thing, Messenger Live Plus is the sole responsibility of this security hole, and MSN only without Messenger Live Plus can never have this problem.

Thank you.
07-30-2010 07:36 PM
Profile PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: discovered a security vulnerability
What makes you think chat logs are saver on a server, that's giving control over security away to an unknown party. What if the server gets hacked? Then the hacker in question will have access over all the chat logs instead of just those from a single person. Server-side storage makes it a much bigger target. And we'll still have to download the logs to our local machines to be able to view it, a person with access to the local macine will still be able to "steal" the log files as before.

quote:
Originally posted by allaoua
MSN only without Messenger Live Plus can never have this problem.
Windows Live Messenger (as MSN is called for years now) has its own chat logging functionallity too, you don't need Messenger Plus! for that. Live Messenger's own chat logging also stores the log files locally. In a way Live Messenger's own logging functionallity is less secure, because Messenger Plus! allows password protected log files, Live Messenger does not.
Finish the problem
Menthix.net | Contact Me
07-30-2010 07:47 PM
Profile E-Mail PM Web Find Quote Report
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. RE: discovered a security vulnerability
Ok that is your point of view, but still download the pages of chat logs from other people is still a security hole.

and I will not enter into a conversation about the advantages / disadvantages of client side or server side.

Most me when I try to download the pages of history conversations I managed to have lots of pages, and if I use just a way i can get more efficient, much more, I think I ' I did my duty to alert you and you to see, thank you.
07-30-2010 08:15 PM
Profile PM Find Quote Report
Pages: (2): « First [ 1 ] 2 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On