Jump to content

aimfight

joerdz
in Computer Science

Featured Replies

So aim provides this 'service' called "aimfight" at http://www.aimfight.com where you plug in two screennames and it compares the amounts of buddies existent in 3 friend levels. (or something along those lines).

 

Here is the thing, you dont have to be an aim member in order to do the comparing. So, what is the trick behind it?

 

It doesnt seem like aim would provide a passwordless way to retrieve the number of names in a user's buddy list.

 

My point is, isnt this potentially dangerous in that crackers could retrieve 'buddy names' from a user's list without the need of a password? Or could this mean that people could actually message their friends without having to be logged in? what about being able to check user's profiles without to be signed in?

0_0!!

 

*checks link*

holy crap my ex has over 6000.

 

yeah with a bit of work it could be done.

I think that thing that might be complicated is who's whom's friend?

You are slightly confused, aim fight does not check you buddy list, it checks other peoples buddy lists for you sn. and it only checks that on people online, so you can see there is no potenional for any security holes crackers could abuse.

hmm...

 

i see a hole I think.

 

let me think about this...

 

ME = Target

 

it has a few choices here.

go to server and check for people who have my name on their buddy list

or go to my buddy list and check how many people on my buddy list have me on their list.

 

either way, there is a supposed way to link up who you have spoken to before, or those who have you but never spoke to you.

 

this leads a connection from one person to you.

 

so i'm assuming there's a way to figure out who has you on their list.

 

the application is looking at some database with people who are connected to you.

 

i think there is a limit on how many people you can have on your buddy list so that would mean that it goes to a server and checks out how many people have added you to their buddy list.

 

i probably shouldn't be discussion this but I hate AOL. :D

 

so i'm guessing it would work like this.

 

1. input AIM_NAME

2. Search through database for AIM_NAME

3. Retrieve count of the users

4. Add up total count

5. display

 

between 2 and 3 you will find who has you on their list.

=========================================================

I'm sure with some manipulation you could find out who has you on their list.

 

That's the only open thing I see.

 

Kinda makes me think that your buddy list isn't password protected then.

I mean if the server can access buddy lists and you don't need a password, then there isn't a password protection around buddy lists.

 

There's probably some type of encryption though. Maybe? Heh. I'm sure someone will see this post.

 

I guess when a person logs in on AIM then it just recognizes that you signed on and displays your buddy list because the server is told to retrieve it since you logged into (oscar)? i think it's oscar or something.

 

i'm guessing the only thing that is password protected is sending and recieving messages. Also, profile info and other user details.

Dunno if this means anything, but you can save your buddy list without logging on. That must mean something.

What is THE most popular AIM name? If you enter "bob" it says "AIM top 5%"... but what name is THE most popular?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.