No, we're not talking about 1940's literature today - I've been reading, as have many, that Microsoft is planning to finally stop the venerable MSN Messenger Chat service. I find it interesting that the press is touting that MSN has few users left. This might be true in our community, and I wouldnât doubt that almost every demographic has moved away from MSN to other chat services like SMS on phones, Facebook, Skype, Twitter or whatever.
But maybe Toronto is an internet backwater or something â for every IPS stand up or egress filter I configure, in any company Iâll still find a handful of MSN Messenger users. While we're seeing generally low activity on the main port used by MSN (1863) , we still see spikes in traffic - https://isc.sans.edu/port.html?port=1863
Do internet services ever die naturally? It seems to me that folks hang on to what they know like grim death, and only give up services when theyâre terminated forcibly. Â
As a penetration tester, these older services can be a gold mine. To me, older services (not to pick on any one service in particular) quite often are clear-text, so if you can get a clean packet capture then you've got a very good shot at harvesting credentials. And we know for a fact that folks will tend to re-use credentials - userid's are easy to derive, but if you can harvest passwords on one service, you've got an excellent chance at re-using them to compromise another application or service.
Again, I'm not sure if it's just me, but I also tend to see that users of these older "consumer" type applications like this for some reason seem to be clustered in the upper echelons of many companies. In other words, some of the best targets (politically at least) are using some of the most easily compromised applications.
Password re-use, prefering old/known applications to new ones, and "user clustering" around older apps - are you seeing this same trends? Â
Did xkcd get it right? http://xkcd.com/1305/
Please, use our comment form and let us know what you're seeing, both on MSN messenger or on other "old" internet applications!
===============
Rob VandenBrink
Metafore