
Roanoke-Chowan Community College
Institutional Technology & Computer Services
Don't Use Chat or Instant Messaging Software
Unlike traditional email, which uses a store-and-forward model, Instant Messaging (IM) delivers messages immediately. IM clients can carry graphics, sounds, voice, video, online gaming, workgroup collaboration, and file transfers. This functionality presents new hacking opportunities.
Most of the larger, popular IM networks are of the peer-to-server variety. Participating servers use a common protocol to share synchronized channels. When an IM client sends a message on a particular channel, all participating servers receive it and distribute it to all channel participants. Users with IM client software connect to a participating server and join different chat channels. AOL's, Microsoft's, and Yahoo!'s IM networks are all examples of the peer-to-server model.
The peer-to-server IM network model can handle millions of users. Any breakdown in server-to-server communications results in messaging problems and potential vulnerabilities. Many peer-to-server IM networks allow peer-to-peer connections for private chats and file exchanges. Intruders often exploit this functionality.
Each IM user must have a unique chat name (also called a screen name, nickname, or handle). Intruders often steal handles (called name hijacking) to pose as another user. Malicious intruders are on every popular IM service. The more users an IM network has, the more attacks occur on that network. Attacks disrupt legitimate traffic, compromise computers, and spread malicious software (malware), thus putting the University's network at risk.