It seems Warner prog is still working, though your colleagues fixed the possibility AIM sns LOGGED THROUGH AIM to be able to warn uins (partial fixes ain't no fixes). You can warn uins through Warner prog.
Probably you know that there is a prog called QIP (www.qip.ru).
It has a very nice feature which ******* liked as an idea even for ICQ.
The QIP Antispam BOT is an Anti-Spam system supposed to prevent from receiving unwanted spam messages by asking remote users some simple question. This system works for users not on your contact list only. Users can't send messages to you until they give the right answer.
All previous versions of QIP having the Antispam bot feature are vulnerable. In QIP build 7820 there is a protection against being warned.
If Warner prog gets modified and allows sending msgs from AIM sns to the uin to be warned, then you will have an effective tool that will let you warn uins logged through old versions of QIP or ICQ including such feature with the antispam bot turned on up to 100% warning level. 10 AIM sns are enough to do that (or even less, because you may warn several times with one AIM sn if you log in, warn and log out, and then log in again).
So, I think the possibility AIM sns to be able to warn uins should be FIXED COMPLETELY. ICQ is NOT AIM after all.
2) Another problem in front of Compad: Many of your colleagues have INVALID DB FIELDS accounts.
ICQ-Compad uses secure MD5 login.
So as far as an "INVALID DATABASE FIELDS" account means that the account is VALID and that it is technically IMPOSSIBLE to SIGN in to the AIM/ICQ service by the MD5 login method, those of your colleagues having such ICQ account won't be able to log in them even if they associate Compad IDs to those uins.
( Here is a small post about INV DB fields accounts:
There are FIVE TYPES of AIM/ICQ accounts:
1. DELETED
2. UNREGISTERED
3. SUSPENDED
4. GOOD
5. INVALID DATABASE FIELDS
An "INVALID DATABASE FIELDS" account means that the account is VALID and that it is technically IMPOSSIBLE to SIGN in to the AIM/ICQ service by the MD5 login method. The registration date of all the "INVALID DATABASE FIELDS" accounts is indicated as Thu Jan 01 1970 00:00:00, i.e. an incorrect date. Why namely Thu Jan 01 1970 00:00:00? Because under most UNIX versions the time and date corresponding to 0 in the operating system's clock and timestamp values is 00:00:00 GMT, January 1, 1970
The "INVALID DATABASE FIELDS" accounts most likely are a result of some unknown ICQ bug or a result of several ICQ bugs.
The new versions of AIM (http://www.aim.com) use only the MD5 login method. All the official ICQ clients (http://www.icq.com/download) do not use the MD5 login method.
Therefore, any hacker may sniff the icq password of an ICQ user using the official ICQ clients. There are ICQ clients coded by talented programmers which use the MD5 login method (http://www.qip.ru). However, since it is technically IMPOSSIBLE for the owners of the "INVALID DATABASE FIELDS" ICQ accounts to SIGN in to the AIM/ICQ service by the MD5 login method, there is a certain risk of ICQ identity thefts by hackers.
Currently there are 1627 "INVALID DATABASE FIELDS" five digit ICQ numbers and 414 "GOOD"five digit ICQ numbers. Therefore most valid five digit accounts (meant to be owned by people working in AOL/ICQ) are namely "INVALID DATABASE FIELDS", i.e. defective accounts. The five digit uins were not distributed in a sequential order. There are only 2041 valid registered uins in the range ICQ#10000-ICQ#99999.
Currently there are 56779 "INVALID DATABASE FIELDS" six digit ICQ numbers and 802683 "GOOD"six digit ICQ numbers. The six, seven and eight digit uins were distributed in a sequential order. They were meant to be owned by ordinary ICQ users.
On the 7th of Nov 2000 an ICQ bug occurred and all uins in the range ICQ# 97201443 - ICQ#109999999 were registered as "INVALID DATABASE FIELDS". ICQ#109999999 is the last "INVALID DATABASE FIELDS" account. ICQ#110000000 was registered on the 1st of March 2001 as a "GOOD" account.)
Now when a compad user send a message to a hotmail/msn user the latter may reply/ or spam report the compad user. There is a
link that looks like that:
https://labs.icq.com/compad/im2email/email2im.php?cpdata=ED3D7ED176C8178EB1EA557D80135A6B36E81CF881F52E2AA3D11D0E8
9E266192C2569DFFBFE80C10E7B8D6454BCECD87A5161678EBAFBA89682E6E0B3CF2C1C17AF301B2B58E97858F74
This link DOES NOT expire and there is a risk that it may be used for:
1. social engineering purposes by a person who has an access to such link (he may pretend to be the hotmail/msn use and the
compad user may be deluded)
2. it may be used to SPAM the compad user by pressing it numerous times.
On the other side, though the spam report link was fixed, I think it does NOT expire too and I think that is not the best solution.
2) ICQ-ComPad allows checking if a certain e-mail is associated to an uin. An email associated to an uin allows login to ICQ services
using either your ICQ number or email address.
In order to associate an e-mail (it seems that now it is possible to associate more than one e-mails to an uin) to an uin you may use
this URL:
http://www.icq.com/register/email_attach.php
Once the e-mail is associated to an uin you may check which the uin to which a certain e-mail is associated is by a simple search by
e-mail in ICQ-ComPad Search panel. If you search for the same e-mail through other ICQ clients Search panel you won't find any
results.
3) There is a feature or a bug with importing users from msn messenger list in compad.
When I run msn messenger and import my contacts from msn messenger into compad's address book some of the msn users are
interpreted as uins.
For example in msn I have an user from ****** ********@msn.com
When I open my compad id's corresponding uin in ICQ 5 or QIP I can see this msn contact as an icq number 2754**686 with nick
*************, maybe because that icq user has *********@msn.com as a hidden primary e-mail.
It seems sometimes the msn accounts are interpreted as uins.
4) There are two jerusalem "unique" compad ids when you search for jerusalem. The deleted compad id account is not like deleted
uin. It can be registered again. And the deleting of a compad id does not lead to the deletion of the corresponding uin, that's why that
uin remains in the database as the deleted compad id. That's why there are two jerusalems. Deleting accounts is a big mistake, because it might lead to serious bugs.
Justin Uberti, chief architect for AIM, explained on a Weblog that the amount of IM traffic on the AIM network "is on the order of hundreds of gigabytes a day."
"It would be very costly, and we have no desire to record all IM traffic. We don't do it," Uberti wrote.
For AIM users who remain distrustful, Uberti pointed out that the application offers Direct IM (aka Send IM Image) and Secure IM in all recent versions.
"In other words, you can send your IMs in such a way that they never go through our servers, and/or are encrypted with industry-standard SSL and S/MIME technology. I know this since I designed these features. There are no backdoors; I would not have permitted any," Uberti said.
However, there is still a BIGBROTHER text in AIM PRIVACY POLICY- it is expressly written in AIM PRIVACY POLICY
http://www.aim.com/tos/privacy_policy.adp
that "Your AIM information, including the contents of your online communications, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena), or in other circumstances in which AOL has a good faith belief that AIM or AOL are being used for unlawful purposes. AOL may also access or disclose your AIM information when necessary to protect the rights or property of AIM or AOL, or in special cases such as a threat to your safety or that of others."
The problem is "How will AOL be able to disclose the contents of your online communications in response to legal process as long as the instant messages are not being recorded by AOL?"
there is a bug with icq boards, when you use the link below and change the uin in the link, you may see the old nick of the icq user.
For example an account- ICQ#21070 of a woman named Hedva Konolly. How we can check that the uin belonged to Hedva, just press
http://icq.com/boards/view_posts.php?uin=21070
and Hedva's name appears as long as the buyer has not logged through the web and changed the account info.
Another example http://icq.com/boards/view_posts.php?uin=111111111 and ICQ#111111111's current details, while there should be a synchronization.
This bug may be used for example to check if the ex-nickname is not = password, or if the account has changed the owner, etc.
I just found something very silly in the new whitepages
http://www.icq.com/people/about_me.php?uin=87654
take a look at the right
all users can see the message sent to srull
while it should be a private one and be seen only by the receiver
****** (19:35:19 5/04/2006)
I can post from ANY uin
ICQ Account: 110000257
Registered: Thu Mar 01 2001 01:33:10
-------------------------------------------------------------------------------------------------------
Possible Regdates of the invalid database fields accounts in that range:
98000000-14 nov 2000, 99000000-23 nov 2000, 100000000-2 dec 2000, 101000000-11 dec 2000, 102000000-20 dec 2000, 103000000-29 dec 2000, 104000000-7 jan 2001, 105000000-16 jan 2001, 106000000-25 jan 2001
ICQ Account: 97201421
Registered: Tue Nov 07 2000 10:11:30
all of the accounts regged inbetween are regged normally by ordinary users
adn all of them invalid db fields
not even one good account
which means millions of users got buggy accounts nov 2000-march 2001
l have been sent an unprotected by username and password QA site:
http://www1.il.icq.com/flicq/
there is a debug console that allows ANYONE see how flash icq2go works.
Another strange site containing pics from 2001:
http://www1.il.icq.com/webmessage/
1. You may read more about the old style ICQMail story here:
http://company.icq.com/info/press/press_release29.html
If you have used the old style ICQMail maybe you have noticed that when an ICQ user tried to register a new ICQMail it was very hard to select an available ICQMail username.
2. The new style ICQMail story can be found here:
http://www.mail2world.net/net/company/pr11-22-2004.asp
The ICQ users now can easily select an available ICQMail username like india@; writer@, etc.
In November 2004 a Turk found a bug in the new "improved" ICQMail service that helped me find an explanation of the above stated difference between the old and the new "improved" ICQMail. Because of some people's ignorance that Turk could HACK A N Y ICQMail account and attach it to a new ICQ account. He hacked even admin@icqmail.com. In the Options of admin@icqmail.com one could find the management of the ICQMail, the administrative panel itself.
For some weird reason that Turk decided to test something.
At http://www.aim.com/help_faq/forgot_password/password.adp he retrieved the password of AIM screennamed uin3 to uin3@icqmail.com. Thus it was found that when an ICQ user used the old style ICQMail and registered a new ICQMail username this action resulted in an automatic registration of a same-named AIM screenname . (For example the registration of user23456@icqmail.com resulted in the unintentional registration of AIM sn user23456 )
Because AIM is older than ICQMail and because there were many AIM screennames already registered it was hard for an ICQ user to select an available for registration ICQMail username.
That Turk being able to hack any ICQMail retrieved the AIM screennames' passwords corresponding to ICQMails attached to certain ICQaccounts. All passwords looked like p_********. He eliminated the first two symbols, namely p_, and there were the passwords of the targeted uins, namely ********. (This is applicable if after the ICQmail registration the uin's password was not changed by the ICQ user.) ( For example if ICQ#473562356 is attached to user23456@icqmail.com then if AIM retrieval of the password of AIM sn user23456 sent to user23456@icqmail.com showed that AIM sn user23456 has password: p_ertyui, the conclusion is that 473562356 has password: ertyui )
Using this method today I was able to retrieve the password of my favourite AIM screenname mirabiliarius (which was actually always mine). In the past I registered (my favourite AIM sn) mirabiliarius@icqmail.com and I thought I registered only an ICQMail username, not something else. However, as I said this lead to the registration of the corresponding AIM sn.
It seems that the old style ICQMail has worked like an AOL mail.
The new style ICQMail works independently and does not create AIM screennames.
Later the Turks made an icqmail bruteforce prog and using it they found that the old style icqmails have some universal common password (which I don't know because I am not in good relations with Turks).
There was a bug at icqmail which I reported to ******** in the past- when you fill your uin and try an incorrect password at icqmail.com then an error + the real icqmail attached to that uin appearred. That was fixed but that method let the Turks to collect lists of icqmails attached to uins.
Here is an explanation of the Turk about p_ thingy that I've got:
******** (19:38:01 30/06/2005)
and i found why icqmail adds p_
я знаю инглиш но мне впадлу переводить http://elite.bombing.ru/pub/ - ссылка которая была найдена в информации одного из друзей контакта 12111 elite
при переходе по ней выдало страницу с вышеуказанным текстом
Ничего страшного в этом номере нет. Развели тут панику.
AOL просто в ближайшее время вводит систему защиты от спама, который так вас всех достал. Всего лишь скинете "полицаю 12111" номер, с которого вам пришел спам - и вуа-ля! - на нем уже будет стоять "черная пометочка". Когда подобные номера будут набирать определенное установленное число "штрафов" - произойдет анрег.
Информация от Стива Дугласа, ведущего координатора компании AOL.
зы: это вкратце. мне честно лениво дословно переводить письмо Стива.
