|
Icq Warning!!!
|
View this Thread in Original format
| Rustang! |
Taken from http://www.pulse24.com/News/Top_Sto...11-009/page.asp
| quote: | Chat Scat
Do you use ICQ on your computer? Let’s have a chat. Security experts warn the program, which lets users engage in real-time conversation over the internet, has a serious security flaw that could allow a hacker to completely take over your computer. And so far, the fix isn’t in.
“There’s a vulnerability in ICQ that allows anyone in the world to take control of your computer,” agrees Carolyn Burke of F.S.C. Internet Corporation. “All you need to have is ICQ running on your computer. You don’t even need to be logged in … They could do something they wanted on your computer, including getting your financial information.”
At least 100,000 Canadians use the program, but the experts hope those numbers go down quickly. That’s because the company that makes it hasn’t released a patch for the problem. And that leaves only one alternative: turn it off and uninstall it, until they do. Or risk the alternative, and let a hacker seek you.
January 11, 2002
|
what do u guys think? |
|
|
| Spad |
| Well maybe if they'd explained the security problem a bit better, but it doesn't really tell us much. Sounds like a stupid rumour to me. Probably just something along the lines of a way for people to get your IP which shouldn't matter anyway if everybody's taking basic security precautions (i.e. personal firewall). |
|
|
| Rustang! |
| it isn't a rumour, i got that from a new station website, and i watched them talking to the icq people on the news too yesterday. i thought it was bull too, but apparently it's true.... |
|
|
| {b.s.e.} |
| mah. i'm not worried, really. if some hacker wants to waste his time hacking into my pc, go ahead. he'll be gone when he realizes there are only mp3s on here. :D |
|
|
| Bizz |
| I'm not too worried too. I have an annoying friend who thinks he's a hacker and has all this hacking on his computer. On repeated attempts he tried to hack into my computer through ICQ, but for all I know, the most he can get is my IP address and that's it (i.e. he messages me with my IP to try to scare me - what a loser.) Same deal as b.s.e. too, I don't care if I get hacked, lol.. there's not much to play with on this computer :) |
|
|
| ojste |
haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker
cya :D |
|
|
| AnotherWay83 |
| quote: | Originally posted by ojste
haha but i bet u'd be pissed off if this hacker decides to delete all your mp3's.... and yes they know how to if they really are a hacker
cya :D |
exactly, but the real hackers hardly ever waste their time doing stupid things like deleting strangers' mp3s for fun...they're usually upto way bigger things, always trying to expand their knowledge, usually what they do isn't even known
peace |
|
|
| TrAnCe CoNtRoL |
| i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my ing comp. |
|
|
| Bizz |
| quote: | Originally posted by TrAnCe CoNtRoL
i heard about this, and i feel the need to comment on it. they can do this with anything. it doesnt take a genieus to do it either. it can happen if your having a convo with anyone on any program, not just icq. all the programs have security flaws in them. i loved it on the news when they described the problem and HOW THE HACKER ACTUALLY DOES IT. i mean geez just tell them my ip address while your at it and i can just sit back and let them have my ing comp. |
I agree, I mean there are just too many programs that have security holes in them and way too many other methods of hacking into another's computer. According to their suggestion (turn off icq or uninstall it), you might as well turn off your entire damned computer if you don't want a "hacker to seek you". This explains why the media doesn't explore the security flaws of lesser known programs (they already went all over Windows XP and ICQ in the last few days).. they just want to scare the public.. |
|
|
| Swamper |
This is legit.
http://securityfocus.com/bid/3813
bugtraq id 3813
object
class Boundary Condition Error
cve CVE-MAP-NOMATCH
remote Yes
local No
published Jan 06, 2002
updated Jan 08, 2002
vulnerable Mirabilis ICQ 2000.0b Build 3278
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows NT 4.0
Mirabilis ICQ 2000.0A
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
The news article, however, is stupid since it's suggestion to uninstall is ridiculous/borderline paranoia - you cannot cause a buffer overflow in a program that is not being executed so don't worry.
Apparently the buffer overflow will happen with a carefully tailored packet that has to travel through the server and then to a UIN, it won't work on direct connects....
(...a similar vulnerability with AIM happened in december for the same reason...) |
|
|
| SmellsExcellent |
| , if someeone hack my computer theyll find all my top secret level 17 government documents that I stole from the FBI computers!!! Damn hackers. |
|
|
| TrAnCe CoNtRoL |
| hey man the FBI doesnt around. even if your joking you better hope no one sees that or else youll have the government at your house or tearing apart your computer. |
|
|
|
|
