Log in ...Tribune: IT supplement of The Tribune, Chandigarh, India. Feature page

Monday, December 2, 2002		Feature

IM not safe. Am I?
Vibhor Sood

INSTANT messaging (IM) refers to the capability to send an immediate, text-based message to another user on a computer network. As instant messaging use grows, so do business concerns about security, authenticity, and encryption. Business users will make up nearly half of the 506 million IM users expected online by 2006, say IDC researchers. As business use increases, corporate network managers shudder at trying to control data travelling over public IM networks. Because users can activate IM themselves, IT managers are in a bind as to who would grab sensitive data. Also, virus writers have begun to explore public IMs as a new way to spread their malicious programs. Companies that wouldn’t dream of conducting business through public, Web-based e-mail, now worry that employees are sending unrestricted messages on public programs from AOL, MSN, and Yahoo!

Let us have a look at ways how a system administrator as well as a user can protect IMs in the three most popular instant messengers, AOL, MSN and Yahoo!

AOL messenger

AOL is the most popular instant messenger with over 43.6 million users worldwide and therefore is hacker’s favourite. Here are some tips that can protect you while you chat using AOL messenger (AIM).
File transfers or engaging in file transfers can reveal your IP address. To prevent file transfers, administrator should disable all incoming and outgoing sessions on port 5190. To disable AIM completely, access to login.oscar.aol.com must be denied at all ports. This prevents the user from authenticating an Oscar server hence not being able to use AOL services.

To block, go to Privacy Preferences in your AOL Buddy List and choose Block. Here, you can also opt to ignore all incoming messages from anyone who isn’t already on your list. All AIM’s logs reside in the folder located in C:\ Windows\ AIM95\ your username. The program keeps a log of buddy list and any file transfers you made using AIM. Delete contents of that folder to eliminate conversation history.

Protect your IP. Go to the AIM Preferences window and select the Privacy tab. Uncheck the box labelled "Allow users to see how long I’ve been idle," go to the section titled "Allow users who know my e-mail address to find," and select the radio button labelled Nothing About Me.

.NET messenger

The .NET messenger uses the decentralised network that is any server in the .NET network can authenticate the user. Currently all .NET server are in the msgr.hotmail.comsub domain contacted via port 1863. The user cannot change this port. The .NET messenger uses more security than AIM. It uses MD5 algorithm for encrypting password that makes retrieving the password difficult. All other messages are sent in text format though no encryption is there.There have been cases when the users shared files amongst themselves and those files later turned out to be viruses or Trojans. To disable file sharing, disable outgoing and incoming TCP connections on port 6891.

Application sharing gives users access of a computer to someone else. The other user can then choose to run whichever programs he deems fit. This can be a security disaster. To disable application sharing block TCP port 1503. To disable .NET messenger deny access to hosts in the msgr.hotmail.com and block TCP port 1863.

The user can demand that others receive users permission before they add him to a contact list. To block all buddies from seeing that you’re online, and instantly access a list of everyone who has added you as a pal, click Block in the toolbar in the conversation window or in the main window, right-click the contact’s name, and click Block. To see who has added you to a contact list, click Tools > Options > Privacy > View. If you don’t recognise users on that list, you can quickly block them from contacting you or seeing your online status.Messenger doesn’t log chats automatically, although you can save individual threads by clicking File > Save in the chat-message window. You can later delete any conversation logs you save by dropping the icon in the Recycle Bin. If a hacker gets your IP address, you might as well pack up and call it a day. What can you do to make sure you’re not broadcasting your IP to shady hackers? Go to Tools>Options>Preferences. Uncheck all three options ("Run this program when Windows starts," "Allow this program to run in the background," and "Show me as away") that appear under the General header.

Yahoo! messenger

Yahoo! messenger has the weakest security amongst messengers. It does not encrypt the password and username making it risky to even log onto the system. Moreover, all information is sent via HTTP protocol that allows information to be stored in HTTP proxy logs.

Suddenly besieged by messages from someone who wants you to check out XXX content? Either click the Ignore User button in the instant-message window or select Login > Privacy Settings > Privacy to add his Yahoo! ID to your list. You can also choose to ignore anyone who is not already on your contact list. Make sure you store history logs at a different location. Go to Login > Preferences > Messages to disable archiving. When you register with Yahoo!, your IP address is stored in the company’s registration database. Go to login>My profiles. Click on edit profile button. When the Web page downloads then click the check that says, hide my online status from other users. After this click Finished editing button and you are safe and secure. It is somewhat difficult to disable Yahoo! messenger completely because much of its traffic looks like Web traffic as it uses the HTTP protocol. To block instant messaging block TCP port 5050.To disable Yahoo! messenger completely, deny access to hosts all access to *.msg.*.yahoo. com sub domain.