TranceAddict Forums (www.tranceaddict.com/forums)
- Chill Out Room
-- Icq Warning!!!
Icq Warning!!!
Taken from http://www.pulse24.com/News/Top_Sto...11-009/page.asp
| quote: |
| Chat Scat Do you use ICQ on your computer? Let�s have a chat. Security experts warn the program, which lets users engage in real-time conversation over the internet, has a serious security flaw that could allow a hacker to completely take over your computer. And so far, the fix isn�t in. �There�s a vulnerability in ICQ that allows anyone in the world to take control of your computer,� agrees Carolyn Burke of F.S.C. Internet Corporation. �All you need to have is ICQ running on your computer. You don�t even need to be logged in � They could do something they wanted on your computer, including getting your financial information.� At least 100,000 Canadians use the program, but the experts hope those numbers go down quickly. That�s because the company that makes it hasn�t released a patch for the problem. And that leaves only one alternative: turn it off and uninstall it, until they do. Or risk the alternative, and let a hacker seek you. January 11, 2002 |
Well maybe if they'd explained the security problem a bit better, but it doesn't really tell us much. Sounds like a stupid rumour to me. Probably just something along the lines of a way for people to get your IP which shouldn't matter anyway if everybody's taking basic security precautions (i.e. personal firewall).
it isn't a rumour, i got that from a new station website, and i watched them talking to the icq people on the news too yesterday. i thought it was bullshit too, but apparently it's true....
mah. i'm not worried, really. if some hacker wants to waste his time hacking into my pc, go ahead. he'll be gone when he realizes there are only mp3s on here. 
I'm not too worried too. I have an annoying friend who thinks he's a hacker and has all this hacking shit on his computer. On repeated attempts he tried to hack into my computer through ICQ, but for all I know, the most he can get is my IP address and that's it (i.e. he messages me with my IP to try to scare me - what a loser.) Same deal as b.s.e. too, I don't care if I get hacked, lol.. there's not much to play with on this computer 
haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker
cya 
| quote: |
| Originally posted by ojste haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker cya |
i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my fucking comp.
| quote: |
| Originally posted by TrAnCe CoNtRoL i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my fucking comp. |
This is legit.
http://securityfocus.com/bid/3813
bugtraq id 3813
object
class Boundary Condition Error
cve CVE-MAP-NOMATCH
remote Yes
local No
published Jan 06, 2002
updated Jan 08, 2002
vulnerable Mirabilis ICQ 2000.0b Build 3278
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows NT 4.0
Mirabilis ICQ 2000.0A
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
The news article, however, is stupid since it's suggestion to uninstall is ridiculous/borderline paranoia - you cannot cause a buffer overflow in a program that is not being executed so don't worry.
Apparently the buffer overflow will happen with a carefully tailored packet that has to travel through the server and then to a UIN, it won't work on direct connects....
(...a similar vulnerability with AIM happened in december for the same reason...)
shit, if someeone hack my computer theyll find all my top secret level 17 government documents that I stole from the FBI computers!!! Damn hackers.
hey man the FBI doesnt fuck around. even if your joking you better hope no one sees that or else youll have the government at your house or tearing apart your computer.
Baloney sandwich covered in moldy cheese..
If one is that paranoid, get antivirus, firewall prog, and spyware checker.. With a packet / port sniffer if ya that sketchy..
Or get hardware security by getting a router.
it's true.
icq creates a open port for hackers to get in.
but i'm not so sure about the report that having it (not opening it) makes u vulnerable.
the average "hacker" nowadays are kids trying to create havoc apon this planet. there are lots of programs out there like "netbus", trojan horses etc.
i wouldnt be surprise if someone writes a windows-based icq hacker program. even the dumbest person would know how to operate them.
what i mean is, don't think a hacker would follow a specific code of conduct or something. if u wake up one morning and find tghat everything in yr HDD gets deleted, don't blame anyone, blame yourself..
This is your Answer
I am a Computer Network Specialist and let�s talk basics for now. All these chat clients like ICQ, IRC, MSN, YAHOO, AOL all use TCP connections, which basically is a huge protocol which you need to communicate with Rest of the world, UDP is there but is not very used much, IPX/SPX is used for networks, e.g. Novell. Anyway Back to TCP stuff, Inside The TCP Protocol is more protocols like another 200 I think call segment layer of the TCP protocol, these run in the NETBIOS and all the other crap like that. When you connect to your ISP with your home connection you get a IP address how simple, now you can�t really change that unless your running Socks programs and your ISP lets you, even these programs can get hacked. So say your IP is 200.188.54.12, Just with this I can tell what website your on, I could tell what applications your running and so on just buy packet sniffing, I could catch emails the list is endless but this takes time, if your running UNIX then your fucked either way WIN is simple and basic. ICQ has loads of exploit init. Just like some of your big Servers. Even your ISP will have exploits. Most of ICQ hackers are �Kiddie Scriptures� kids, teenagers who download sub-seven or netbus or whatever, email you a program, and there ya go simple back door and yes, your computer is fucked, some of these �Trojans� have been coded quite well, I know Subseven can get all your passwords, Dun�s, the lot, also format your HD if they wanted. The only advice is Use A Firewall like Zone Alarm, Black Ice Defender or whatever, if you have Credit Card Information on your PC, encrypt it with Blow Fish, PGP, or whatever, Run Anti � Virus / Trojan checkers, also sort out your IE configuration, like Java on / off etc. All this is basic information, and should be the basics to connecting to the NET. A few good links.
www.astalavista.com
www.cyberarmy.com
www.packetstorm.net
Dj RoZZeR
| quote: |
| Originally posted by TrAnCe CoNtRoL hey man the FBI doesnt fuck around. even if your joking you better hope no one sees that or else youll have the government at your house or tearing apart your computer. |
Powered by: vBulletin
Copyright © 2000-2021, Jelsoft Enterprises Ltd.