SWEET: Meebo.com's SSL Site Encrypts Chats Too.

If you haven’t been to meebo.com, you probably haven’t needed to chat from a location that restricts chat program installs ;) Meebo.com is super slick; with nothing more than a browser, you can access your favorite chat network. The unencrypted meebo.com site does encrypt your password but stops there. By accessing Meebo.com via HTTPS, it appears that your entire session will be encrypted.

To test this, I killed all of my network connections, opened up IE (Firefox extensions make too many calls) and connected to the secure meebo.com. After chatting for some time, only the following two entries appeared in netstat -n.


Active Connections

Proto Local Address Foreign Address State
TCP xx.xxx.x.x:3336 65.19.140.10:443 ESTABLISHED
TCP xx.xxx.x.x:3337 65.19.140.10:443 ESTABLISHED

There are only connections to the HTTP SSL port, 443, and no connections to regular HTTP on port 80. Oh, and speaking of secure, here is a GreaseMonkey script that ensures that Gmail uses a secure connection. I think, however, that there must be some kind of hidden frame that encrypts all Gmail connections, even when you initally connect via HTTP and not HTTPS. It just doesn’t seem right that Google would send all that info unencrypted. Let me test…

OK, I don’t know if this is any true indicator, but it seems that Gmail actually does not encrypt in its AJAX calls when you hit the page in plain ol HTTP.


Active Connections

Proto Local Address Foreign Address State
TCP xx.xxx.x.x:3590 216.239.63.189:80 ESTABLISHED
TCP xx.xxx.x.x:3592 216.239.63.189:80 ESTABLISHED
TCP xx.xxx.x.x:3605 216.239.63.83:80 ESTABLISHED
TCP xx.xxx.x.x:3606 216.239.63.83:80 ESTABLISHED

That’s nuts. If you don’t use Firefox or if you don’t want to use the GreaseMonkey extension, just make sure you check your Google mail by hitting https://mail.google.com/mail directly. Note: Hitting https://gmail.com will redirect you to an unsecured address.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Security
2 comments on “SWEET: Meebo.com's SSL Site Encrypts Chats Too.
  1. Frederic says:

    The problem I have with this page is just that using meebo.com is not end to end encrypted, you’re just encrypted to the meebo servers, and then it’s plain text through AIM servers, and on to your friends… if they also use meebo, then you’re encrypted to meebo.com -> plaintext -> AIM -> plaintext -> meebo.com ->encrypted -> friends. If meebo chooses to implement some encryption that works within the text, it’s possible, but loads more processing on them, to remove the plaintext through aim link, it could work with adiumx, or gaim’s or trillians, if all of those have open spec’s but it probably would just work if both participants use meebo.

  2. Pachai_kili says:

    Hi,
    Could you please let me know how i can access Meebo.com bypassing the Block that has been applied to it…
    i tried with https with firefox… yet i am not able to connect to it… when i try with https, i get a Msg :
    “The connection was reset.

    The connection to the server was reset while the page was loading.”

    how can i bypass this… i even tried with yet i am not able to get to the site.

    can you help me out here, Please!
    thanks,
    pachai kili

Leave a Reply