MSN Messenger encryption algorithm cracked
----------------------------------------------------------------------------
----
SUMMARY
The MSN Messenger Service uses weak encryption for stored passwords. This
algorithm was recently cracked, making it possible for anyone with access
to the computer's registry key that contains the encrypted password to
discover its plain text equivalent.
DETAILS
MSN Messenger Service allows users to save their email password using the
"Save this password so I don't have to enter it every time I log on"
checkbox when trying to logon in the Messenger Service. The email and the
password are stored in the registry key
KEY_CURRENT_USER\Identities\{CLSID of your
identity}\Software\Microsoft\MessengerService\PasswordMSN Messenger
Service
This information can be decrypted using the
<http://wwww.ussrback.com/MSNMS10/> MessengerServiceEmailPasswordDumper
utility.
Solution:
Do not use the 'Save this password so I don't have to enter it every time
I log on' feature.
ADDITIONAL INFORMATION
This information has been provided by: <mailto:[EMAIL PROTECTED]> Luciano
Martins.
========================================
-------
AFLHI 058009990407128029/089802---(102598//991024)
milis ini didukung oleh :
>> http://www.indolinux.com - dunia linux indonesia
-------------------------------------------------------------------
untuk berhenti kirim email ke [EMAIL PROTECTED]
untuk melihat peraturan kirim email ke [EMAIL PROTECTED]
arsip berada di http://www.mail-archive.com/[email protected]
