[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack MSN anyone?



On Thu, 25 Apr 1996, Lee Fisher wrote:

> I was curious about the below message, and checked...
> 
> MSN uses CHAP (PPP's challenge-response handshake) for network layer
> authetication, and NTLM (Windows NT's challenge-response handshake) for
> application-layer authentication. The password is never sent in across
> the network. Challenge-responses encrypted with the password are sent.

Thanks; that's what I thought.

Never believe anything you're told by tech support. It was pretty clear to
me that the poor undereducated sod had the words "compression" and
"encryption" confused. NTLM isn't perfect, but it's difficult enough to be
secure enough for MSN. You're not doing anything IMPORTANT on MSN, are
you? 

Due to Win95's open memory model, there's probably some system call that a
virus/trojan can use to ask politely for the username and password; in
fact, isn't it the same API that has already been demonstrated? But if you
let such a beast on your machine, all bets are off anyway.

-rich