[Novalug] chat security??

Chris Sykes psychs at gmail.com
Sun Feb 22 16:37:07 EST 2009 

In old school IRC days there were attack vectors over DCC which
enables two recipients to create a data socket directly between
themselves bypassing the server. This is inherently dangerous but it's
like that with anything and not just IRC.

Most attack vectors I am familiar with involve phishing style methods
of getting users to click links or launch url's from inside the chat
application. Skype, msn, yahoo, etc. have all had their runs of these
types attacks, IRC also. General good web ettiquete is the key here
IMO. Don't open a link or accept a download request from people you
don't trust.

Now the nasty vulns are the ones that infect a user then use their
chat appliction as a vector for expansion. In those cases you would
receive a message from someone you do trust. That's more a buyer
beware type of situation and would just have you revise the previous
rule to include the caveat of verifying what is being
clicked-on/downloaded by asking the trusted individual before hand.
Now if someone actually hacks your buddies account ... well sorry u
got rooted :) social engineering always wins.

I am unaware of any current remote code execution type attacks for any
popular chat app. But you aren't running these things as root are
you?!? =)


-Chris


On Sun, Feb 22, 2009 at 4:24 PM, Jon LaBadie <novalugml at jgcomp.com> wrote:
> On Sun, Feb 22, 2009 at 03:57:24PM -0500, Chris Sykes wrote:
>> Well I guess we need to define 'chat'.
>>
>
> I too am not an IRC user, though I knew there were several
> incompatible types and libpurple seems to be able to deal
> with most of the common version using front ends like pidgin.
>
> But, in addition to security of your messages, what about
> downloadable infections.  Have the chat clients (or servers)
> been a vector for any types of malware?
>
> jon
> --
> Jon H. LaBadie                  jon at jgcomp.com
>  JG Computing
>  12027 Creekbend Drive          (703) 787-0884
>  Reston, VA  20194              (703) 787-0922 (fax)
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
>

More information about the Novalug mailing list