Live Messenger Conversation Privacy & Security

Hi all,

There are so many MSN conversation sniffer ads on the Internet. A search
with keywords: 'msn sniffer' returns 514,000 results. The first results says:
"MSN Sniffer - Caputre MSN chate on your network".
Apparently MSN chats can be intercepted on local networks. This seems to be
a very serious issue, but there seems to be no solution for this, and all
major IMs send plain-text.

Can anyone comment on this?

Greetings Howard,

Messenger conversations are sent in plain-text and as such, if network traffic is passing by
a node on a local network, it can be sniffed.

If this is rather troublesome, you can use something like Simp to encrypt the traffic:
http://www.secway.fr/us/products/simplite_msn/home.php

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--



"Howard" <Howard@xxxxxx> wrote in message
news:0659C33B-8F72-446E-BBE5-002890B01E07@xxxxxx

Hello Jon,

Thanks a lot for the reply. Encryptions certainly will make the conversation
safer but they are required on both sides. This is quite impractical since I
cannot command all my contacts to install the same software... : (

So I'm wondering if Microsoft has any plan to add encryption capability
(preferably by default) to Live Messenger?

Also, will web-based messengers (such as meebo, webmessenger.msn.com, etc)
make at least outgoing texts from my side safer?

Cheers!


"Jonathan Kay [MVP]" wrote:

Hi,

I can't speak for the third-party web clients, but most are not using encryption either.

Is there plans to add encryption to Messenger itself? Unknown, plans haven't even been
finalized for the next release yet.
However, I can tell you that it's certainly something on the table and hasn't been discounted
yet (which I'm pleased to say for a change).

--
Jonathan Kay
Microsoft MVP - Windows Live Messenger
MSN Messenger/Windows Messenger
MessengerGeek Blog: http://www.messengergeek.com
Messenger Resources: http://messenger.jonathankay.com
(c) 2008 Jonathan Kay - If redistributing, you must include this signature or citation
--


"Howard" <Howard@xxxxxx> wrote in message
news:A105380A-9E24-4E31-88C0-37889F747609@xxxxxx

Howard wrote:
Do the sites use SSL? (I don't think webmessenger.msn.com does). If not,
then no. This traffic-sniffing problem isn't a instant messenger issue, it
is trivially easy for a knowlegeable person to capture web traffic on a
network unless that traffic is encrypted.

Even with SSL, the issues remain:
1) do you trust the website you're using? (your "etc" above can cover a lot
of ground, not all of it safe and well-lit).
2) it still isn't encrypted at the other end if the other end doesn't
support encryption. The whole of the conversation can be captured by someone
sitting in the right place.