[JDEV] Jabber Transports - Security issues

mark at mjwilcox.com mark at mjwilcox.com
Thu Nov 2 16:04:24 CST 2000


This is an act on AOL's part to scare users into not using a 
different system because if you're not using AOLs system, then 
you're not getting AOL advertising.

Is there a threat? Yes. In theory, someone could write a transport 
that collected passwords of users as they logged into the 
transports. But then, you can do that now by sniffing the public 
internet because none of the messaging clients encrypt their 
authentication :).

Thus AOL believes most people don't know that fact and will try to 
spread as much FUD as possible, just Microsoft has done. 

Mark

On 2 Nov 00, at 9:12, Mark Zamoyta wrote:

> Hello,
> 
> AOL always brings up security issues when it comes to allowing open access to its IM system.  How does Jabber, or Jabber.org in particular deal with this?
> 
> Obviously AOL / AIM passwords are stored on the server, but how are they encrypted, and who has access to them on the Jabber.org server?   ie. Can any programmer working on transport related code for jabber.org get their hands on thousands of AOL passwords?  Can anyone setting up their own 
Jabber system get access to all the AOL passwords stored on their system?
> 
> Mark
> 


Mark Wilcox
mark at mjwilcox.com
Got LDAP?




More information about the JDev mailing list