How does instant messaging work?

When first developed, instant messaging applications allowed individuals to engage in real-time, text-based online conversations. Now, as the technology has developed and with the advent of broadband Internet access, instant messaging applications allow audio, video, and software to be transferred and shared by multiple users. As a messaging system, it is seen as a quicker medium than e-mail, which, in the best-case scenario, will result in a short wait for a response. In many ways, using instant messaging is similar to using a private chat room accessible to only two people.

Most instant messaging platforms are based around the same architectural principle. Client software is downloaded from the Internet and installed on your computer. This contains a configurable contact list, known as a buddy list in some applications. When the instant messaging application first runs, the client communicates with a server, via the Internet. Once the client has accessed the server, you can create your user account. The client then sends computer information such as your IP address, the port number assigned to the client application, and your contact list to the server. This is saved in a temp file and is used to authenticate your account.

When you run the instant messaging application and then log on to the server, the server checks your authentication. How the instant messaging server receives your personal information is a crucial security concern. It is often sent in clear text format or using a weak, easily decoded encryption technique. If a cracker captures such information, your computer and the network it’s in will be open to attack. The server checks if any of the individuals on your contact list are also online. If they are, a message is sent to you with their connection details. You can then communicate with them.

This client server architecture model allows users to transfer information from one client to another via a server, which is responsible for the message delivery. Clients are not directly connected to one another by default, but this facility can be enabled in some clients.

Unlike the client/server model, peer-to-peer network architecture gives authority to the clients to connect to each other directly without the use of a server. All clients can deliver messages and files. In these networks, the client software is aware of the application IP addresses and port numbers of its peers.

Security risks in instant messaging platforms

More and more companies are viewing instant messaging as a potential business medium. However, there are real dangers in implementing instant messaging in a company network. Instant messaging applications were not designed to transfer sensitive material, and most applications still send information formatted in clear text. Although enhancements have alleviated some of the security issues involved with instant messaging, it still attracts much attention from crackers, who view it as a viable option in attempting to compromise company networks. Security issues common to most instant messaging applications include

  • Infected files – Viruses and Trojan horses can access your computer’s file system via instant messaging software, as any individual with an instant messaging account can send another user malicious files.
  • File transfers reveal IP addresses – Crackers monitoring network traffic can gain access to your IP address. Once your IP address is known, crackers could threaten your computer and your network’s integrity – for example, with denial of service attacks.
  • Misconfigured file sharing – File sharing facilities available on most instant messaging applications need to be configured carefully. The security of your business (or business transactions) could be compromised if unauthorized users gain access to sensitive company information. Misconfigured file sharing allocation could allow anonymous instant messaging users access to sensitive documents such as HR information.
  • Unencrypted communication – Information sent using instant messaging is typically unencrypted. Instant messaging protocols do not include a secure layer by default. So you shouldn’t use instant messaging applications to transmit sensitive information, unless you can strongly encrypt this data using third-party software.
  • Copyright infringement – One of the most common reasons for the increased use of instant messaging is the person-to-person sharing of copyrighted material. Users of instant messaging applications can send copyrighted video, MP3, and application files. System administrators should ensure that their networks are free from illegally copied copyrighted material, as stringent fines are imposed on companies that break this law.
  • Social engineering and theft of identity – Crackers will undertake confidence schemes in an attempt to get valid instant messaging users to divulge confidential information, such as their username, password, and credit card details. This process is known as social engineering. With the information gained from such schemes, they can impersonate another user.

Popular instant messaging applications

Each instant messaging application has its own authentication method and security issues. System administrators should be aware of these, and those who suspect that instant messaging may be causing their network to be compromised should act to restrict its use. They will have to deal with the various instant messaging applications individually. The most popular instant messaging applications are

AIM

AIM is the instant messaging application owned by AOL Time Warner. To create a session, the AIM client communicates using port address 5190 with two different servers named OSCAR and BOS. OSCAR is responsible for authorizing clients, whereas the BOS server is responsible for handling the various instant messaging services.

To establish the session, the client sends the OSCAR server a package containing the user’s AOL screen name. This can be decrypted easily, as it is encrypted with only a weak XOR algorithm. When the user is authenticated, OSCAR issues a cookie to a BOS server, which creates a session that stays connected until the user logs off.

A buffer overflow security violation in the AIM instant messaging application has been recently recorded. This buffer overflow allowed a game request to be made to an AIM user, resulting in memory being overwritten with data supplied by the attacker. This attack method could result in the cracker gaining control of a remote machine. The AIM application has been since updated to resolve that problem.

For system administrators, AIM is tougher to restrict than many other instant messaging platforms, as you can configure the port address used for communication through the client application. Therefore, blocking port address 5190 doesn’t guarantee that clients cannot access the AIM server. You can restrict some activity in AIM instant messaging sessions. To disable instant messaging images, you can block TCP sessions on port 4443. However, to disable AIM completely, you need to disable access to login.oscar.aol.com on all ports.

.Net Messenger

The .Net messenger is Microsoft’s instant messaging application and comes packaged with the Windows XP operating system. Its protocol is ASCII-based, and runs on a decentralized network. Communication between .NET clients and .NET servers is conducted using port address 1863. Unlike port addresses in AIM, this cannot be reconfigured using the client software. Any server in the decentralized network can authenticate clients.

Passwords in .NET Messenger are more secure than AIM, as they are encrypted using an MD5 hash algorithm. When trying to log on, the server passes a unique string of characters (a seed) to the client, which appends another string. The result is then hashed with the password by the client and returned to the server for authentication. As all other messages are transmitted in clear text, crackers don’t necessarily need your .NET password to cause damage.

As the port addresses used in .NET are standard and not configurable by the client, it is relatively easy to restrict access to instant messaging services. To prevent file transfers, you disable incoming and outgoing TCP sessions on port address 6891, whereas to prevent multimedia conferencing, you block UDP ports 13324 and 13325. If you want to prevent application sharing, you block the TCP port 1503, and if you want to deny complete access to .NET IM, you refuse access to hosts in the msgr.hotmail.com subdomain and block TCP port 1863.

Yahoo! Messenger

Yahoo! Messenger is regarded as having the weakest security features of all the main instant messaging applications. Usernames and passwords aren’t encrypted when sent to the Yahoo! Messenger server. They are also sent via HTTP and can be stored in HTTP logs. This makes even trying to log on to the Yahoo! Messenger service risky.

Yahoo! Messenger protocol is also ASCII-based and the client sends information to the server and to other clients using port 5050. ASCII information is sent using port 80.

After the username and password are sent in clear text format, the server replies with a cookie that is valid for a certain amount of time. It is very difficult to restrict Yahoo! Messenger services, as much communication uses the web traffic port 80. However, you can try to restrict some of its features. To prevent instant messaging, you block TCP port 5050 and to disable Yahoo! Messenger completely, you deny access to hosts in the “msg.”.yahoo.com subdomain.

ICQ

ICQ, an instant messaging application released in 1996 by Mirablis and now owned by AOL Time Warner, is a binary-based protocol. Like AIM, communication between the client and server is conducted on port 5190, but, unlike AIM, it is not configurable by the client. This makes it easier for administrators to restrict access.

When a user signs onto the ICQ network, their User Identification Number and password are sent in an encrypted packet. However, crackers can easily decrypt this, as the algorithm has been reverse engineered. ICQ is an attractive target for many denial of service and buffer overflow attacks, because of its authentication and encryption deficiencies.

System administrators can restrict access to some of the ICQ instant messaging features. To prevent file transfers, administrators can block TCP sessions on port 3574, and to disable image file sharing, you can block TCP port 7320. If you want to disable ICQ completely, you deny access to host login.icq.com on TCP port 5190.

Summary

Instant messaging applications can perform various functions, and most can transfer files and images and share applications between computers. This is achieved through a server in a client/server model or directly between clients in the peer-to-peer model. A number of security risks are involved when using an instant messaging application. These include transferring files infected with viruses or trojan horses, revealing your IP address, sending unencrypted information, infringement of copyright laws, and social engineering problems such as theft of identity.

System administrators use different methods to secure their networks from violation via instant messaging applications. This can be difficult because in some applications, such as AIM, the client allows users to reconfigure the application’s port addresses. Weak encryption of usernames and passwords together with the transmission of most information in a clear text format mean that you need to be careful of the information you transmit using instant messaging.

Netbooks and how to maximize preformance with Windows

Lately netbooks have become a trend. I just had to get one. I now enjoy an Asus Eee PC 900. Its one of the coolest things I own. Its really light weight, ultra mobile, and perfect for any environment. My battery lasts about 4 hours. It has built in wireless, 900Mhz processor, 1GB ram, and a 16GB SSD.

Because of the slow speed of most ultra portables, Windows OS’s do not preform that well. In fact my Eee came with Linux on it. I elected to put windows on my Eee PC so that I could game a little, I think I should have gone with Ubuntu at this point but that is another story.

With all the crap that Windows puts on your system I will show you how to get your Windows OS, not vista, to preform really well. As proof on concept these below instructions are responsible for my 8 second boot time with Windows XP Pro.
Information has been collected from eeeuser.com written by alfaphlex

1) Install nLited XP
Get rid of Windows junk before even installing it. Follow guides here or here, my nLited copy is less than 300 MB, but you can get it down to less than 200 if you want.

2) Disable paging file*
Right click on My Computer and go to:
Properties->Advanced->Performance:Settings->Advanced->Virtual Memory:Change
Select “No Paging File” and click Set.

3) Disable indexing
Go to into My Computer and right click->Properties on C: drive.
Deselect “Allow Indexing Service to index…”
Select “Apply changes to sub folders and files”(this might take a while)

4) Disable the NTFS Last Access Time Stamp*
Go to Start->Run and type in “regedit”. Hit enter.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
Right click and New->DWORD Value and name it “NtfsDisableLastAccessUpdate”
Double-click on it and set the value to “1”.

5) System cache*

Cacheset
Download Cacheset
For Cacheset performance explanation, see post #33:

How to restart with your desired Cacheset settings
-Right click on cacheset.exe and “Create Shortcut”.
-Right click on the shortcut and select “Properties”.
-In Target, AFTER the closing quotation, write your min and max desired limits separated by spaces (same you would have set in Cacheset. Should look something like this:
“path/to/cacheset.exe” 4500 100000
– Click “OK” and drag shortcut into Start->Programs->Startup

Memory Usage
Right click on My Computer and go to:
Properties->Advanced->Performance:Settings->Advanced->Memory Usage
Select “System cache”

6) Install a Ramdisk
Download it here. It’s free and has a gui.
Set it to about 192-384mb depending how much you plan to use for firefox/ie caching (steps 7 and 8).
Make sure Media Type is “Fixed Media”.
This will be used for some of the following steps.

7) Redirect TMP/TEMP directories to Ramdisk
Right click on My Computer and go to:
Properties->Advanced->Environment Variables
In User Variables, set TMP and TEMP to “R:\Temp”. Do the same for TMP/TEMP in System variables.

note: “R:” is the default letter for the Ramdisk in previous step. If you set it to a different letter, change accordingly.

8) eeectl
Download it here.
Replace text in eeectl.ini with code in first post of this thread.
The 100mhz fsb gives a noticeable boost to the 16gb drive. Read thread for details.

9) Improve Start up speed
There is a free Microsoft utility that analyzes your entire startup process up until everything is load into Windows. It’s called Bootvis. Download it here.

-Install and run Bootvis

-Go to the Trace menu and select “Next Boot” or “Next Boot + Driver Delays”(if you want to check driver load speed, for now the first option should be fine)

-It’ll show a “Trace Repetitions” window, leave it as it is (set to only reboot once) and click OK. Upon pressing OK, it’ll immediately go into a reboot process, so close/save anything you were doing beforehand.

-Don’t do anything until Bootvis opens again. Make sure the “Process Creates” option is checked on the left side. The “Process Creates” window shows you exactly what applications run at startup and when. If there’s any applications you see starting up that you don’t want, remove it from your startup using either the Registry or MSConfig methods. If there are any applications you’re unfamiliar with, please google it before changing anything as it might be a system application (ie- explorer.exe, svchost.exe, ctfmon.exe).

note- You can just skip the whole Bootvis part and remove startup programs using registry/msconfig methods, but bootvis is helpful in telling you which applications take longer to load, including the ones you might want.

10) Firefox
Type “about:config” in the address bar and hit enter.

cache
You have 2 choices:

a) redirect cache to Ramdisk:
Set “browser.cache.disk.parent_directory” and change value to “R:\cache” (R: is your ramdisk drive).
Set “browser.cache.disk.capacity” to about 50000 (50mb).

if “browser.cache.disk.parent_directory” does exist: right click->new->string->”browser.cache.disk.parent_directory”->”R:\cache”

or

b) disable cache altogether:
doubleclick on browser.cache.disk.enable. It should turn bold and value = false.

precache
Explanation here(at the very bottom of the page)

Set “browser.sessionhistory.max_total_viewers” to 0

11) Internet Explorer
Redirect cache to ramdisk
Go to: Tools->Internet Options->Browsing History->Move Folder
Select your ramdisk drive.
Set disc space to about 50mb.

note: IE7 will log you off automatically after this step.

Edit: If you are intersted in more eee mods then check out: http://beta.ivancover.com/wiki/index.php/Eee_PC_Internal_Upgrades