[unisog] MSN Messenger - two questions

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Feb 20 20:59:17 GMT 2007


On Tue, 20 Feb 2007 12:46:15 PST, Alan Rothenbush said:
> Question 1:

> Are my concerns unfounded ?

Not totally.

> (My response "they're all wrong" to the statement "every other university does 
> it" doesn't seem to be enough of an explanation)

The *biggest* problem isn't any insecurity of the protocol or the servers
itself - the problem is that you're sharing the server with 200 million
other users, a lot of who think it's funny to send "ooh shiny" links that
download nasties when clicked....

> Question 2:
> 
> If it turns out I have to do this, any tips for keeping things safe ?

Have you considered running your own Jabber server?  That's nice and secure
when properly configured, and has the added benefit that *you* control
the authentication - so if somebody posts a wonky URL, you *know* who
to go have a chat with....

(We run a Jabber pilot project locally - it comes in handy when you have
a channel defined for the help desk and second-level people, and another
that is NOC staff and network engineers...  "Yo, anybody know why Wi-fi on
the 3rd floor of Smith Hall just fell over?" :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20070220/d92be3d3/attachment.bin 


More information about the unisog mailing list