[JDEV] Jabber Transports - Security issues
mark at mjwilcox.com
mark at mjwilcox.com
Thu Nov 2 16:04:24 CST 2000
This is an act on AOL's part to scare users into not using a
different system because if you're not using AOLs system, then
you're not getting AOL advertising.
Is there a threat? Yes. In theory, someone could write a transport
that collected passwords of users as they logged into the
transports. But then, you can do that now by sniffing the public
internet because none of the messaging clients encrypt their
authentication :).
Thus AOL believes most people don't know that fact and will try to
spread as much FUD as possible, just Microsoft has done.
Mark
On 2 Nov 00, at 9:12, Mark Zamoyta wrote:
> Hello,
>
> AOL always brings up security issues when it comes to allowing open access to its IM system. How does Jabber, or Jabber.org in particular deal with this?
>
> Obviously AOL / AIM passwords are stored on the server, but how are they encrypted, and who has access to them on the Jabber.org server? ie. Can any programmer working on transport related code for jabber.org get their hands on thousands of AOL passwords? Can anyone setting up their own
Jabber system get access to all the AOL passwords stored on their system?
>
> Mark
>
Mark Wilcox
mark at mjwilcox.com
Got LDAP?
More information about the JDev
mailing list