Did you know that when you chat with your friends using any instant messenger such as Windows Live Messenger or Yahoo Messenger, the conversation is being sent as clear text form which can be intercepted by sniffing the network data? I know many of you who work in office often talk to your friends using a messenger thinking that it’s safe to reveal anything but it’s not. Most company uses a server to share internet connection, so all traffic will go through the server first. If the administrator install a packet sniffer that is able to decode MSN packets on the server,the admin is able to intercept all messages in and out of MSN.
Don’t believe? See how easy I sniff and decode MSN messages. I install MSN Sniffer 2 from EffeTech on my server. Then I use two workstations to chat with each other. I logged in to Windows Live Messenger for both account on different computer, then I start a conversation.
As you can see, MSN Sniffer is able to capture and decode MSN packets. It displays both MSN incoming and outgoing messages.
It is wrong for the administrator to install a packet sniffer to capture and decode packets but then you can’t blame them because they are afraid of you leaking confidential company information to other people. However, you can use encryption solution to protect yourself from being sniffed.
There are many encryption utilities but the one that works the best for me is Simp Pro/Lite created by Secway. SimpLite prevents eavesdroppers from reading your personal instant messenger conversations. There are 2 versions of Simp, the Lite and PRO. The PRO version is the shareware version of Simp and it supports all types of instant messengers. But if want to use it for free, you can use Simp Lite with the catch of only one product from the SimpLite family can be launched at the same time on your computer. Meaning if you’re using SimpLite-MSN, you can’t use SimpLite-Yahoo simultaneously.
Simp can handle both encrypted and unencrypted chats. To have encrypted conversation, both parties must have Simp installed. If either one person doesn’t have Simp installed, the conversation will remain unencrypted.
Here are the steps to use SimpLite for encrypting your chat messages.
1. Download and install SimpLite.
2. You’ll be presented with Simp configuration wizard. Select whatever is appropriate.
3. After finish configuring, you’ll need to generate keys. Click next at the welcome screen.
4. You can use the default Cipher and click Next. Make sure the RSA is 2048 bits for maximum security.
5. Enter a password to protect your private key. Whenever you run SimpLite, you’ll need to enter this password.
6. Move your mouse cursor around the window to generate random numbers. Click Next and it will generate your RSA 2048 bits keypair.
Ask the other person that you want to securely chat with to install and configure SimpLite like what you did. When both of you have SimpLite installed, either person will have to send a message. That will bring up a screen on both party asking whether to accept the new key.
Once both party has clicked Accept button, you’ll get a popup window stating “Authenticated and encrypted“.
If you open SimpLite window from the tray bar, you’ll notice that a new key being added. The next time when you chat with the same person, the conversation is automatically encrypted.
To proof that the chat is encrypted, I run MSN Sniffer again and start capturing the packets in the network. Then I start a conversation with the same message as above “Hello Peter, how are you today?”. This is what the MSN Sniffer logged.
I bet the administrator would be cracking his head on what has happened to his MSN sniffer when he sees messages that only has random letters and numbers.
SimpLite can work on MSN, Yahoo, ICQ, AIM, Google and Jabber. Do take note that SimpLite encryption only protects you from network sniffers but not keyloggers. If you’re sure that your local computer is clean from keylogger, then having SimpLite would be an added protection.