I hate to break it to you, but almost all e-mail isn't encrypted either. The log on info to MSN Messenger is not clear text. The messages are. I sniffed MSN Messenger and it's an RSA certificate. I think you mean I can sniff most pop accounts and see the username and password, not MSN Messenger.
""David Tran"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >The messages are usually smaller than e-mail. And > > no they aren't insecure (well besides the gaping hole AIM just patched). > A > > stateful firewall or CBAC can stop session hijacking. > > It is the statement like this that makes me almost fall off my chair. What > planet > are you coming from? What make you think that these IM is secured > (excluding > the gapping hole in AIM). Remember, you have to connect the client to an > external IM server, the information is traveling in "clear text" including > your > username and password. What makes you think that these IM servers are > secure? Furthermore, your communication can be monitored by a third party. > CBAC or stateful Firewall can not prevent this because your session is being > monitored on the IM servers. There is nothing that your firewall can do. > If > hackers successfully hack the IM servers, consider your conversation > available > to everybody else. > > The best way to secure communication is running IM over Secure Socket Layer > (SSL). I've been using jabber over SSL for a few months now and it is > working great. You want something secure, build your own jabber server, run > the > service over SSL and have your buddies to connect to your jabber IM server > for > secure communication. Jabber server is a freeware available on Linux > platform. > > ----- Original Message ----- > From: "Steven A. Ridder" > To: > Sent: Sunday, January 06, 2002 11:38 AM > Subject: Re: How to block MSN, and others. [7:31057] > > > > I can't imagine the problem with Messenger apps. I feel that instant > > communication can be handy at times. Sometimes I hate waiting for an > e-mail > > response, and a messenger service fits that niche nicely. And no, they > > don't waste bandwidth. The messages are usually smaller than e-mail. And > > no they aren't insecure (well besides the gaping hole AIM just patched). > A > > stateful firewall or CBAC can stop session hijacking. > > > > I don't use instant messaging at all (except for e-bay alerts and traffic > > updates) but I see huge potential for IM and I bet that messaging will > only > > get more ubiquitous as the years go by. So try and live with it instaed > of > > fighting it all the time. > > -- > > > > RFC 1149 Compliant. > > > > > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31070&t=31057 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
