Thursday, April 16, 2009

Expoliting the MSN protocol

This is a post where I am not going to say anything :) I'm not going to say what we have found, what we can do and how we do it, but let me explain the problem.

Many Police Agencies have an interest in where a particular Internet user may be located and to achieve this, detecting their IP address and then asking the ISP for user information is a great way to do it. It is no secret that some Agencies monitor chat rooms and ingratiate themselves with known offenders on Instant Messaging (CEOPS invited the BBC in last year to discuss this), however chat using something like Windows Live Messenger proxies and anonymizes at Microsoft meaning a whole load of paperwork is needed to get the actual subjects IP.

Well that's the problem and Microsoft say that there is no way to circumvent this issue. If you are in this position and would like to discuss the 'problem', you know where to find me.

No comments: