Jump to content

aimfight

joerdz

By joerdz
in Computer Science

 Share

Recommended Posts

joerdz

joerdz

Posted
Posted

So aim provides this 'service' called "aimfight" at http://www.aimfight.com where you plug in two screennames and it compares the amounts of buddies existent in 3 friend levels. (or something along those lines).

 

Here is the thing, you dont have to be an aim member in order to do the comparing. So, what is the trick behind it?

 

It doesnt seem like aim would provide a passwordless way to retrieve the number of names in a user's buddy list.

 

My point is, isnt this potentially dangerous in that crackers could retrieve 'buddy names' from a user's list without the need of a password? Or could this mean that people could actually message their friends without having to be logged in? what about being able to check user's profiles without to be signed in?

Psion

Psion

Posted
Posted

0_0!!

 

*checks link*

holy crap my ex has over 6000.

 

yeah with a bit of work it could be done.

I think that thing that might be complicated is who's whom's friend?

jutntog1

jutntog1

Posted
Posted

You are slightly confused, aim fight does not check you buddy list, it checks other peoples buddy lists for you sn. and it only checks that on people online, so you can see there is no potenional for any security holes crackers could abuse.

Psion

Psion

Posted
Posted

hmm...

 

i see a hole I think.

 

let me think about this...

 

ME = Target

 

it has a few choices here.

go to server and check for people who have my name on their buddy list

or go to my buddy list and check how many people on my buddy list have me on their list.

 

either way, there is a supposed way to link up who you have spoken to before, or those who have you but never spoke to you.

 

this leads a connection from one person to you.

 

so i'm assuming there's a way to figure out who has you on their list.

 

the application is looking at some database with people who are connected to you.

 

i think there is a limit on how many people you can have on your buddy list so that would mean that it goes to a server and checks out how many people have added you to their buddy list.

 

i probably shouldn't be discussion this but I hate AOL. :D

 

so i'm guessing it would work like this.

 

1. input AIM_NAME

2. Search through database for AIM_NAME

3. Retrieve count of the users

4. Add up total count

5. display

 

between 2 and 3 you will find who has you on their list.

=========================================================

I'm sure with some manipulation you could find out who has you on their list.

 

That's the only open thing I see.

 

Kinda makes me think that your buddy list isn't password protected then.

I mean if the server can access buddy lists and you don't need a password, then there isn't a password protection around buddy lists.

 

There's probably some type of encryption though. Maybe? Heh. I'm sure someone will see this post.

 

I guess when a person logs in on AIM then it just recognizes that you signed on and displays your buddy list because the server is told to retrieve it since you logged into (oscar)? i think it's oscar or something.

 

i'm guessing the only thing that is password protected is sending and recieving messages. Also, profile info and other user details.

5614

5614

Posted
Posted

What is THE most popular AIM name? If you enter "bob" it says "AIM top 5%"... but what name is THE most popular?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.