TranceAddict Forums

TranceAddict Forums (www.tranceaddict.com/forums)
- Chill Out Room
-- Icq Warning!!!


Posted by Rustang! on Jan-12-2002 21:20:

Icq Warning!!!

Taken from http://www.pulse24.com/News/Top_Sto...11-009/page.asp

quote:
Chat Scat

Do you use ICQ on your computer? Let�s have a chat. Security experts warn the program, which lets users engage in real-time conversation over the internet, has a serious security flaw that could allow a hacker to completely take over your computer. And so far, the fix isn�t in.

�There�s a vulnerability in ICQ that allows anyone in the world to take control of your computer,� agrees Carolyn Burke of F.S.C. Internet Corporation. �All you need to have is ICQ running on your computer. You don�t even need to be logged in � They could do something they wanted on your computer, including getting your financial information.�

At least 100,000 Canadians use the program, but the experts hope those numbers go down quickly. That�s because the company that makes it hasn�t released a patch for the problem. And that leaves only one alternative: turn it off and uninstall it, until they do. Or risk the alternative, and let a hacker seek you.






January 11, 2002


what do u guys think?


Posted by Spad on Jan-12-2002 21:34:

Well maybe if they'd explained the security problem a bit better, but it doesn't really tell us much. Sounds like a stupid rumour to me. Probably just something along the lines of a way for people to get your IP which shouldn't matter anyway if everybody's taking basic security precautions (i.e. personal firewall).


Posted by Rustang! on Jan-12-2002 21:53:

it isn't a rumour, i got that from a new station website, and i watched them talking to the icq people on the news too yesterday. i thought it was bullshit too, but apparently it's true....


Posted by {b.s.e.} on Jan-12-2002 21:54:

mah. i'm not worried, really. if some hacker wants to waste his time hacking into my pc, go ahead. he'll be gone when he realizes there are only mp3s on here.


Posted by Bizz on Jan-13-2002 00:45:

I'm not too worried too. I have an annoying friend who thinks he's a hacker and has all this hacking shit on his computer. On repeated attempts he tried to hack into my computer through ICQ, but for all I know, the most he can get is my IP address and that's it (i.e. he messages me with my IP to try to scare me - what a loser.) Same deal as b.s.e. too, I don't care if I get hacked, lol.. there's not much to play with on this computer


Posted by ojste on Jan-13-2002 03:33:

haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker

cya


Posted by AnotherWay83 on Jan-13-2002 04:57:

quote:
Originally posted by ojste
haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker

cya


exactly, but the real hackers hardly ever waste their time doing stupid things like deleting strangers' mp3s for fun...they're usually upto way bigger things, always trying to expand their knowledge, usually what they do isn't even known

peace


Posted by TrAnCe CoNtRoL on Jan-13-2002 05:03:

i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my fucking comp.


Posted by Bizz on Jan-13-2002 07:14:

quote:
Originally posted by TrAnCe CoNtRoL
i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my fucking comp.


I agree, I mean there are just too many programs that have security holes in them and way too many other methods of hacking into another's computer. According to their suggestion (turn off icq or uninstall it), you might as well turn off your entire damned computer if you don't want a "hacker to seek you". This explains why the media doesn't explore the security flaws of lesser known programs (they already went all over Windows XP and ICQ in the last few days).. they just want to scare the public..


Posted by Swamper on Jan-13-2002 10:03:

This is legit.
http://securityfocus.com/bid/3813


bugtraq id 3813
object
class Boundary Condition Error
cve CVE-MAP-NOMATCH

remote Yes
local No
published Jan 06, 2002
updated Jan 08, 2002
vulnerable Mirabilis ICQ 2000.0b Build 3278
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows NT 4.0
Mirabilis ICQ 2000.0A
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a


The news article, however, is stupid since it's suggestion to uninstall is ridiculous/borderline paranoia - you cannot cause a buffer overflow in a program that is not being executed so don't worry.

Apparently the buffer overflow will happen with a carefully tailored packet that has to travel through the server and then to a UIN, it won't work on direct connects....

(...a similar vulnerability with AIM happened in december for the same reason...)


Posted by SmellsExcellent on Jan-13-2002 19:54:

shit, if someeone hack my computer theyll find all my top secret level 17 government documents that I stole from the FBI computers!!! Damn hackers.


Posted by TrAnCe CoNtRoL on Jan-14-2002 03:46:

hey man the FBI doesnt fuck around. even if your joking you better hope no one sees that or else youll have the government at your house or tearing apart your computer.


Posted by u4ea:[soulstar] on Jan-15-2002 06:40:

Baloney sandwich covered in moldy cheese..

If one is that paranoid, get antivirus, firewall prog, and spyware checker.. With a packet / port sniffer if ya that sketchy..

Or get hardware security by getting a router.


Posted by xenderz on Jan-15-2002 06:57:

it's true.
icq creates a open port for hackers to get in.

but i'm not so sure about the report that having it (not opening it) makes u vulnerable.

the average "hacker" nowadays are kids trying to create havoc apon this planet. there are lots of programs out there like "netbus", trojan horses etc.
i wouldnt be surprise if someone writes a windows-based icq hacker program. even the dumbest person would know how to operate them.

what i mean is, don't think a hacker would follow a specific code of conduct or something. if u wake up one morning and find tghat everything in yr HDD gets deleted, don't blame anyone, blame yourself..


Posted by Rostros on Jan-17-2002 16:08:

This is your Answer

I am a Computer Network Specialist and let�s talk basics for now. All these chat clients like ICQ, IRC, MSN, YAHOO, AOL all use TCP connections, which basically is a huge protocol which you need to communicate with Rest of the world, UDP is there but is not very used much, IPX/SPX is used for networks, e.g. Novell. Anyway Back to TCP stuff, Inside The TCP Protocol is more protocols like another 200 I think call segment layer of the TCP protocol, these run in the NETBIOS and all the other crap like that. When you connect to your ISP with your home connection you get a IP address how simple, now you can�t really change that unless your running Socks programs and your ISP lets you, even these programs can get hacked. So say your IP is 200.188.54.12, Just with this I can tell what website your on, I could tell what applications your running and so on just buy packet sniffing, I could catch emails the list is endless but this takes time, if your running UNIX then your fucked either way WIN is simple and basic. ICQ has loads of exploit init. Just like some of your big Servers. Even your ISP will have exploits. Most of ICQ hackers are �Kiddie Scriptures� kids, teenagers who download sub-seven or netbus or whatever, email you a program, and there ya go simple back door and yes, your computer is fucked, some of these �Trojans� have been coded quite well, I know Subseven can get all your passwords, Dun�s, the lot, also format your HD if they wanted. The only advice is Use A Firewall like Zone Alarm, Black Ice Defender or whatever, if you have Credit Card Information on your PC, encrypt it with Blow Fish, PGP, or whatever, Run Anti � Virus / Trojan checkers, also sort out your IE configuration, like Java on / off etc. All this is basic information, and should be the basics to connecting to the NET. A few good links.

www.astalavista.com
www.cyberarmy.com
www.packetstorm.net

Dj RoZZeR


Posted by hypronix on Jan-18-2002 01:42:

quote:
Originally posted by TrAnCe CoNtRoL
hey man the FBI doesnt fuck around. even if your joking you better hope no one sees that or else youll have the government at your house or tearing apart your computer.


That would've been already done. I'll start a thread about "Carnivore"... look around!

in the mean time... hacking/cracking sites are full of exploits for both MSN and ICQ... so this ain't quite new...

anyway... real hackers will not fuk around Ur computer.. maybe just get stuff and leave a message, but not actually fuk it... real hackers, of course, I doubt that use ICQ to infiltrate computers...

hyp



Powered by: vBulletin
Copyright © 2000-2021, Jelsoft Enterprises Ltd.