Re: [JDEV] Fwd: [BUGTRAQ] First reflections on security of MSN Messenger

[Jeremie <jeremie@jabber.org>]

On Fri, 23 Jul 1999, Vijay Saraswat wrote:

> So ... can anyone else connect to their AOL IM account this morning with MSN
> Messenger?
> 
> All my attempts at connecting are being rebuffed with an incorrect password/login
> does not exist error... even though I can connect to the accounts using a native
> AOL IM client and a TOC AOL IM client..I've talked to a dozen other people
> already.. same result.
> 
> It would be interesting if AOL has already found a way to detect that you are
> using MSN Messenger and dropping the connection, so that all MSN Messenger
> attempts to connect are rebuffed.

Hmm... 
http://www.news.com/News/Item/0,4,39649,00.html

Sounds almost like MSN's client also spoke AIM's protocol natively?
It also sounds like AOL isn't too happy allowing others to utilize their
AIM service w/o using their client, but there's not much they can do since
it's their customer's choice to use a client that utilizes the
reverse-engineered AIM protocol.

One of the benifits of having the transport bits happening on the server
side is so that when something like this happens and they "tweak" their
servers to reject clones, the tweak can be fixed and transport replaced
without affecting or reinstalling all of the clients :)

> 
> The first cyber war....???

AOL vs. MS, should be interesting :)

> 
> [Jer, others: if this is not of interest to the guys on this list, let me know
> and I will shut up.]

No prob, please feel free post things like this, I know I find 
it interesting!

Jer