From: Luciano Martins Sent: Wednesday, October 27, 1999 2:36 PM Subject: MSN Messenger Service 1.0 Problem: The encryption algorithm used is weak and easily broken. MSN Messenger Service 1.0 Problem: The encryption algorithm used is weak and easily broken. MSN Messenger Service allows users to save their email password using the "Save this password so I don't have to enter it every time i log on" checkbox when try to logon in the Messenger Service. The email and the password are stored in the registry key KEY_CURRENT_USER\Identities\{9C53B920-A2E8-11D1-A59D-008048B12 C6E}\Software\ Microsoft\MessengerService\PasswordMSN Messenger Service {9C53B920-A2E8-11D1-A59D-008048B12C6E} = this change in all machines This information can be decripted using the MessengerServiceEmailPasswordDumper 1.0 Published by: Ussr Solution: If a user does not check the 'Save this password so I don't have to enter it every time i log on' checkbox prevents the password from being stored and decripted. MessengerServiceEmailPasswordDumper 1.0 binary for i386 or source code go to wwww.ussrback.com/MSNMS10/