Trillian Vulnerability - Security Flaw Found in Trillian IM

  • Trillian Vulnerability - Security Flaw Found in Trillian IM

    Let's see here,
    It looks like Trillian has a new security flaw. Are they doing anything to fix this?

    Nope!

    Trillian is an instant messaging (IM) software which allows users to interact with people using many different IM services, such as AOL Instant Messenger and MSN Messenger, using just one instant messaging client (Trillian) instead of having to run each instant messenger software for each service separately.

    A large number of people use Trillian, and not surprisingly, as it has been estimated that at least 25% of home users instant message with people on at least two different IM networks at the same time.

    The security hole discovered in Trillian will allow a malicious hacker to shut down programs running on the target machine, and even to take control of the entire computer.
    "640k ought to be enough for anybody"
    -Bill Gates, chairman of Microsoft, 1981

    ^^Ha Ha Ha He He He He Ha Ha Ha ^^

  • #2
    If you will notice all/most of the news posted in here are backed up by facts. Would it not be better if you have posted a link/news in support of this claim?

    BK
    Temet Nosce

    • #3
      You probably don't need to explain what Trillian is to people on this forum. If they do need it explained then they shouldn't be here....

      LosT

      • #4
        Originally posted by LosT
        You probably don't need to explain what Trillian is to people on this forum. If they do need it explained then they shouldn't be here....
        Heh-heh :-) I think BK wanted a link to the story of the security issue.

        • #5
          Yes, I do know Trillian but I don't use it :)
          Cotman is right, I am looking for the link to the story of the security issue not that I can't google for it. I just thought it would be a "stronger" post if he included it.

          My apologies if I came out as a prick.
          BK
          Temet Nosce

          • #6
            I read an article a while back, posted on a website, which explained how easy it is to decrypt the passwords stored in the ini files for Trillian. It was simplistic enough that it could be done mentally without much skill.

            I believe the characters are stored in hex and then an offset for the entire password. Once you had the offset you just converted the hex and then added or subtracted the offset.

            Trillian is far from really secure. I also read an article recently about the encryption for secure IM not functioning correctly on Trillian.

            I didn't find the exact article I was looking for, but here's one on the simple decryption.

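Added example, not part of the original thread and not Trillian's actual storage format: post #6 above describes password characters stored as hex with one offset applied to the whole password. The sketch below builds a constructed toy scheme of that shape and an audit check that flags such values in an INI file; the section name, key names and sample password are invented for illustration.

```python
import configparser
import string

# Printable ASCII (0x20-0x7e), i.e. string.printable minus control whitespace.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def toy_obfuscate(password: str, offset: int) -> str:
    """Toy scheme as described in the post: shift every byte by one offset, store as hex."""
    return bytes((b + offset) % 256 for b in password.encode("ascii")).hex().upper()


def plausible_offsets(stored: str) -> list[int]:
    """Offsets in 0..255 under which every stored byte maps back to printable ASCII."""
    try:
        raw = bytes.fromhex(stored)
    except ValueError:
        return []  # not hex at all, so not this scheme
    if not raw:
        return []
    return [k for k in range(256) if all((b - k) % 256 in PRINTABLE for b in raw)]


def audit_ini(text: str) -> dict[str, int]:
    """Map 'section/key' to the number of plausible offsets for password-like keys."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = {}
    for section in cfg.sections():
        for key, value in cfg[section].items():
            if "pass" in key and (n := len(plausible_offsets(value))):
                findings[f"{section}/{key}"] = n
    return findings


# Constructed sample file; section name, key names and password are invented.
SAMPLE_INI = f"""
[profile]
name = alice
password = {toy_obfuscate("hunter2!", 0x11)}
"""

if __name__ == "__main__":
    for entry, n in audit_ini(SAMPLE_INI).items():
        print(f"{entry}: hex-encoded, reversible under {n} of 256 single-byte offsets")
```

A finding means the stored value is only encoded: the whole key space is 256 offsets and nothing in the file is protected by a secret held elsewhere.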


            • #7
              LOL ! ! !

              Why are they making programs that are so badly secured???

              It's like you don't lock your door when you go home because you suppose that nobody will try to get inside your house because they probably think the house is locked.
              "We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons. and you call us criminals"

              • #8
                Originally posted by jonblund
                LOL ! ! !

                Why are they making programs that are so badly secured???

                It's like you don't lock your door when you go home because you suppose that nobody will try to get inside your house because they probably think the house is locked.
                Wait, what? It's not like the developers decided they didn't want a secure program..
                - Programmer -

                • #9
                  Sorry guys lol, I'm new to this forum and I didn't know what you guys would expect me to post with my topic. From now on I will post backups towards my story.

                  Also lol, I'm sorry for explaining to you guys what Trillian is, I just wanted to make sure everyone was aware!
                  "640k ought to be enough for anybody"
                  -Bill Gates, chairman of Microsoft, 1981

                  ^^Ha Ha Ha He He He He Ha Ha Ha ^^

                  • #10
                    But why are they making it so easy

                    Originally posted by d3ad1ysp0rk
                    Wait, what? It's not like the developers decided they didn't want a secure program..
                    But why are they making the password so easy to crack?


                    It's like writing down the number to lock up your house door in letters.

                    Thief 1: "OOO NO! They have a security lock on the door"
                    Thief 2: "But what is this note on the door, The password to the keypad is Two, five, nine, seven"

                    It's not very hard to crack that code and know that you shall punch in 2597 on the keypad and voilà! The door is open.

                    It's easy to find out what a word will be in ASCII, you don't need much brain.


                    So why are they making the program so easy to crack.....
                    "We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons. and you call us criminals"

                    • #11
                      Originally posted by jonblund
                      But why are they making the password so easy to crack?


                      It's like writing down the number to lock up your house door in letters.

                      Thief 1: "OOO NO! They have a security lock on the door"
                      Thief 2: "But what is this note on the door, The password to the keypad is Two, five, nine, seven"

                      It's not very hard to crack that code and know that you shall punch in 2597 on the keypad and voilà! The door is open.

                      It's easy to find out what a word will be in ASCII, you don't need much brain.


                      So why are they making the program so easy to crack.....
                      Convenience vs security maybe? If the password wasn't stored on your computer at all, it'd be the best solution. But they need a way to allow users to save passwords, and in turn just send the server that password when they sign on instead of requiring one. This means they need to have it on your computer, and unfortunately, it can't be one way encryption, because they need to unencrypt it when sending it.
                      Unfortunately they picked a bad encryption algorithm, and they'll probably rework that on the next release.

                      No one way encryption is entirely safe, this was just, more unsafe than most.
                      - Programmer -

                      • #12
                        d3ad, you're right, but I don't believe any chatting service provides such security, or even does one-way encryption. Or maybe I'm wrong?
                        "640k ought to be enough for anybody"
                        -Bill Gates, chairman of Microsoft, 1981

                        ^^Ha Ha Ha He He He He Ha Ha Ha ^^

                        • #13
                          If you're talking about sending messages between computers, only one I can think of does; Hush messenger, which uses PGP encryption.
                          If you mean when saving passwords to not have to re-enter them every time you log in, every program does.
                          - Programmer -

                          • #14
                            I used Trillian once and it was crap.. (long time ago).
                            I've been using gaim for about.. 4 years or more now.. and it's great. Lately, with the gaim encryption plugin or just a tunnel, it's plenty secure for my 'chats'. Check out SILC gaim / SILC irssi for a great crypto and more chat protocol.

                            ---"But why are they making the password so easy to crack. "
                            They aren't.... it's just inherently insecure.

                            ---"Why are they making programs that are so badly secured???"
                            A machine with good security is hard enough, when you introduce a network aspect.. the job is MUCH harder.

                            ---"It's like you don't lock your door when you go home because you suppose that nobody will try to get inside your house because they probably think the house is locked."
                            Please take a critical thinking class...

                            I don't mean to make anyone look stupid.. But please think before you post.
                            It's like in grade school.... First ask your peers... Then ask your group, then you can ask the teacher....
                            Only here (and hopefully elsewhere)... it's: first consult a friend, then ask Google / Wikipedia, then if you still can't figure out your question/problem... post it here... [/rant]
                            The only constant in the universe is change itself

                            • #15
                              I have nothing against gaim, I just don't like that when you click the 'x' on the contact list it closes the application.

                              But also I didn't like the features, but I'll try to download it again. Last time I used it was about ..... 1 year ago I believe :S !
                              "640k ought to be enough for anybody"
                              -Bill Gates, chairman of Microsoft, 1981

                              ^^Ha Ha Ha He He He He Ha Ha Ha ^^
