First time here? Check out the site's "greatest hits" or read a post from the archives. Feel free to leave a comment or ask a question, and consider subscribing to the latest posts via RSS or e-mail. Thanks for visiting!
Do you Tweet? Follow me on Twitter @shanselman or learn how to use Twitter!
« Continuous Integration for .NET - Patric... | Main | The definition of Ubuntu - Marketing the... »

MSN Messenger Encryption and Privacy

Posted 2005-04-25 12:18 AM in Reviews.

Here's a very shiny program, Secway's SIMP MSN IM Security Solution. Mark Hammond turned me onto it, and it's very slick.  It's slick for a few reasons.

  • It flat out just works. This is partially because of its interface, and partially because of it's architecture.
    • It's a local SOCKS proxy server that sits between your MSN Messenger and the service. This makes the application transparent to MSN Messenger.
    • It also works with Trillian, which, as an aside, is a program that Patrick Cauldwell swears by, but I just haven't been able to get into. Maybe I need to try again?
  • It makes security easy.
    • The most difficult part of security is key creation and exchange. SIMP makes both a snap.
    • It doesn't handle identity, you say? It doesn't need to; it's already handled by the fact that you're logged into your IM Account!

I'm setup on SIMP with my MSN Messenger account. If you've got me on your MSN Friends List, chat me securely and be impressed with how smoothly your experience goes.

Note: Be sure to check with your local IT department and your company's security policy before you install any software that enables secure communication. Also, note that SIMP is free for Personal use only.

Tracked by:
"Encrypt your MSN IM conversations" (James Simmonds' Blog) [Trackback]


Sunday, April 24, 2005 11:32:09 PM (Pacific Standard Time, UTC-08:00)
"The most difficult part of security is key creation and exchange. SIMP makes both a snap. "

still you have to manually verify the validity of the key upon first exchange (like PGP) - to mitigate "man in the middle attacks".

dominick
dominick baier
Sunday, April 24, 2005 11:48:55 PM (Pacific Standard Time, UTC-08:00)
Valid point. How would you suggest we do that?
Scott Hanselman
Monday, April 25, 2005 1:23:02 AM (Pacific Standard Time, UTC-08:00)
Over a couple of beers perhaps?
Mr. B
Monday, April 25, 2005 1:36:53 AM (Pacific Standard Time, UTC-08:00)
"It doesn't handle identity, you say? It doesn't need to; it's already handled by the fact that you're logged into your IM Account!"

I dont agree, I still think proper identity or authenticity is required. Having an MSN account is not a proof of identity.

Integrating this with X.509 client certificates could be an option. In Denmark where I live, we have public and government controlled personal X.509 certificates. Integrating this into products like SIMP could give us that last but very important "proof of identity".

About the keyexchange... SIMP uses diffie-hellman exchange, which does not require client or server side verification. This creates secure connection between the client and the server (in this case between two parties in a chat session). If multiparty chatting is required, more sofisticated keyexchange needs to take place.

/Bo
Bo Friis
Monday, April 25, 2005 3:50:08 AM (Pacific Standard Time, UTC-08:00)
I have been using this for a few months now; the one thing that i find a bother is file transfer, leaving it on all the time i forget about it and when sending files to family/friends the data transfer rate is a killer because of the encryption. even if the other party isnt running encryption it will still kill the transfer rate.
Kelly
Monday, April 25, 2005 4:51:38 AM (Pacific Standard Time, UTC-08:00)
"Valid point. How would you suggest we do that?"

like in PGP - use an out-of-band mechanism like email, voice, whatever (just don't use msn :) to verify with your peer if the hash (= fingerprint) of the key that got exchanged is the proper one.


dominick
Monday, April 25, 2005 6:56:16 AM (Pacific Standard Time, UTC-08:00)
Mr. B. - LOL. :)

Bo - Sure, it doesn't prove "Identity" with a Capital I, but I was trying to point out (apparently unsuccessfully) that having the IM account in the first place did mean SOMETHING.

Dominick - Cool.
Scott Hanselman
Friday, September 02, 2005 2:02:10 PM (Pacific Standard Time, UTC-08:00)
how do i verify my account it keeps saying you need to verify your account so you can use msn messenger but i dont have a clue how to do it it says click on your inbox then click on the first link i dont no what the link is and i dont no where my email box is can you please help me i want to use my msn thanx x
katie xXx
Comments are closed.

Contact

  • Scott Hanselman

Sponsors

Hosting By

Dedicated Windows Server Hosting by ORCS Web
Silverlight Store

Hot Topics

Tags

Africa (92) Agile (4) Arcade (8) ASP.NET (641) ASP.NET Ajax (5) ASP.NET Dynamic Data (21) ASP.NET MVC (75) BabySmash (18) Back to Basics (16) BCL (1) Bugs (169) Channel9 (13) Cloud (1) CodeRush (21) Coding4Fun (39) Corillian (26) DasBlog (131) Deployment (1) DevCenter (1) DevDays (5) Diabetes (61) DLR (4) eFinance (14) Gaming (115) Home Server (1) HttpHandler (16) HttpModule (21) Identity (3) IIS (16) INETA (8) Internationalization (44) IOC (1) Javascript (71) Learning .NET (114) LINQ (16) Longhorn (11) Microsoft (81) Mix (17) Mobile (2) Mono (2) Movies (44) MSBuild (1) MSDN (4) Musings (506) Nant (39) NCover (12) NDC (11) NDoc (6) NerdDinner (4) NotNorthwind (2) NUnit (47) Open Source (24) PDC (65) Personal (2) PHP (3) Podcast (203) PowerShell (61) Programming (251) Python (3) Remote Work (9) Reviews (141) Ruby (61) Screencasts (22) Silverlight (37) Source Code (61) Speaking (191) Subversion (15) TechEd (127) Thabo (3) Tools (424) VB (8) ViewState (19) Vista (2) VS2010 (2) Watir (21) Web Services (433) Win7 (14) Windows Client (49) WPF (36) XML (292) XmlSerializer (32) Zenzo (38)

Calendar

<November 2009>
SunMonTueWedThuFriSat
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345
Posts in timeline
Posts in Large Calendar

Archives

November, 2009 (2)
October, 2009 (19)
September, 2009 (11)
August, 2009 (12)
July, 2009 (21)
June, 2009 (26)
May, 2009 (16)
April, 2009 (13)
March, 2009 (17)
February, 2009 (17)
January, 2009 (18)
December, 2008 (32)
November, 2008 (17)
October, 2008 (22)
September, 2008 (16)
August, 2008 (14)
July, 2008 (25)
June, 2008 (19)
May, 2008 (17)
April, 2008 (17)
March, 2008 (26)
February, 2008 (21)
January, 2008 (28)
December, 2007 (19)
November, 2007 (17)
October, 2007 (31)
September, 2007 (39)
August, 2007 (37)
July, 2007 (43)
June, 2007 (37)
May, 2007 (32)
April, 2007 (38)
March, 2007 (29)
February, 2007 (46)
January, 2007 (31)
December, 2006 (27)
November, 2006 (31)
October, 2006 (32)
September, 2006 (39)
August, 2006 (34)
July, 2006 (40)
June, 2006 (18)
May, 2006 (31)
April, 2006 (34)
March, 2006 (30)
February, 2006 (38)
January, 2006 (44)
December, 2005 (19)
November, 2005 (34)
October, 2005 (24)
September, 2005 (37)
August, 2005 (20)
July, 2005 (24)
June, 2005 (33)
May, 2005 (16)
April, 2005 (22)
March, 2005 (34)
February, 2005 (15)
January, 2005 (37)
December, 2004 (28)
November, 2004 (30)
October, 2004 (34)
September, 2004 (22)
August, 2004 (34)
July, 2004 (18)
June, 2004 (64)
May, 2004 (49)
April, 2004 (21)
March, 2004 (29)
February, 2004 (29)
January, 2004 (36)
December, 2003 (25)
November, 2003 (24)
October, 2003 (59)
September, 2003 (42)
August, 2003 (24)
July, 2003 (44)
June, 2003 (29)
May, 2003 (21)
April, 2003 (30)
March, 2003 (27)
February, 2003 (47)
January, 2003 (50)
December, 2002 (31)
November, 2002 (38)
October, 2002 (44)
September, 2002 (15)
May, 2002 (2)
April, 2002 (4)

Google Ads