One security issue of note with ICQ...
Everytime I used ICQ in 1999, a group of xxx.icq.aol.com servers
immediately began port scanning me. At first it appeared that the port
scans were coming from one central source, but toward the end of the year,
it appeared that more machines were brought online as port scanners.
I emailed ICQ and AOL multiple times about their abuse of service, but
received no responses. Last time I checked my logs, they were still in
the business of port scanning their customers. I can only assume that
this is their unofficial IS policy, as they've ignored my EMails and
continued trying to hack my network.
So from a security point of view, not only do you have to worry about ICQ
users hacking your network, but you also have to worry about ICQ and AOL
employees, who are privy to ICQ security info, hacking you also.
Until ICQ and AOL decide to police their own, we should treat them as we
would any organization that passively allows hackers free and unrestrained
access to their resources.
Jack Dingler
Roger Marquis wrote:
> Are there any white papers or policy documents on ICQ (& IRC)? I
> have a client who is concerned that their employees are sending
> proprietary information (in clear text) through AOL's www.icq.com.
>
> By way of policy their website lists only disclaimers and CYAs
> (http://www.icq.com/legal/privacy.html):
> <snip>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
