Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Secure Instant Messaging

Chaos Communication Congress 21th (21C3) 2004
Indexed on
Mar 27, 2013
File name
File size
120.7 KB

The talk describes some of the current practices of Instant Messaging providers, and go over what makes some of the design choices better or worse, describing possible and known attacks against messaging protocols and suggest possible solutions to those problems. If possible a live demonstration of exploitation of AOLs Instant Messenger will be shown though a simple attack on DNS. Instant messaging has become one of the most common methods of communication in the Internet age, just about every person who has an Internet connection has one or more instant messaging accounts with one or more of the big providers (AOL, MSN, Yahoo, etc.). The problem with current messaging providers is that each and every instant messaging protocol designed so far has made security and privacy an after-thought. With simple blunders like non-cryptographicly mangled passwords, clear text conversations, the use of format strings in server-client communications. And in some cases, just plain dumb protocol implementations. Another topic I will attempt to cover is the suppression of securing technologies by the American (and other) governments by law, for example the US's use of the ITAR to suppress the use and distribution of such simple technologies as virus scanners, SSL and how even the act of assisting someone in implementing these can land a person in jail.. my intent is to color the talk with personal stories, news articles, and textual examples from the laws themselves.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !