[Juser] Federation

Malone, Pat pmalone at lsil.com
Thu Sep 1 14:38:50 CDT 2005


>Viruses are not likely to be able to SPAM anybody. To connect to
>another server (and send messages, presence, etc.), a server needs a valid
>DNS resolvable name and zombie machines don't have that. This is our big
>strength over the SMTP world.

Viruses (and worms) are, I think, a possibility, especially from a client
perspective.

Being open source, it would be easy for a black-hat to write a small XMPP
client. Include code that scans a system looking for standard client config
data that will include (in many cases) saved passwords. Package it all
together in a bundle that installs the black-hat client, finds all config
data and accounts, logs in to the victim's account to get their roster, and
then blasts the package out to all roster contacts, as well as sending SPIM.
This would probably require the use of file transfer. But as more attention
is paid to the protocol, buffer overflows or other vulnerabilities may well
show up that will just allow a crafted XMPP packet to allow the spread,
especially given the ability to add plugs to clients. Alternately, this
could be spread via email distribution.

The same model (small SMTP client and email contact scanner) is active
today in the SMTP world.

Pat





