[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack MSN anyone?

To: "'[email protected]'" <[email protected]>
Subject: Re: Hack MSN anyone?
From: Rich Graves <[email protected]>
Date: Thu, 25 Apr 1996 14:55:52 -0700 (PDT)
In-Reply-To: <c=US%a=_%p=msft%[email protected]>
Sender: [email protected]

On Thu, 25 Apr 1996, Lee Fisher wrote:

> I was curious about the below message, and checked...
> 
> MSN uses CHAP (PPP's challenge-response handshake) for network layer
> authetication, and NTLM (Windows NT's challenge-response handshake) for
> application-layer authentication. The password is never sent in across
> the network. Challenge-responses encrypted with the password are sent.

Thanks; that's what I thought.

Never believe anything you're told by tech support. It was pretty clear to
me that the poor undereducated sod had the words "compression" and
"encryption" confused. NTLM isn't perfect, but it's difficult enough to be
secure enough for MSN. You're not doing anything IMPORTANT on MSN, are
you? 

Due to Win95's open memory model, there's probably some system call that a
virus/trojan can use to ask politely for the username and password; in
fact, isn't it the same API that has already been demonstrated? But if you
let such a beast on your machine, all bets are off anyway.

-rich

References:
- Re: Hack MSN anyone?
  - From: Lee Fisher <[email protected]>

Prev by Date: Re: [NOISE] The Iron Mountain Report
Next by Date: Re: Golden Key Campaign
Prev by thread: Re: Hack MSN anyone?
Next by thread: Re: (political) Privacy, Regulatory Arbitrage, Free Speech
Index(es):
- Date
- Thread