Bugtraq mailing list archives
Re: Ability to read buddy list of AIM users
From: "Andrew J. Stackhouse" <ajs () codewolf com>
Date: Mon, 15 Apr 2002 12:25:03 -0400
Actually on my Win2k install (AIM version 4.7.2480), the file is in: C:\Documents and Settings\<w2k user name>\Application Data\Aim\<AIM User Name> which would not be accessable by anyone but the user or someone with Administrator's rights ----- Original Message ----- From: "sunny licious" <sunnylicious () hotmail com> To: <bugtraq () securityfocus com> Sent: Monday, April 15, 2002 11:30 AM Subject: Ability to read buddy list of AIM users
Ive been able to do this on publicly accessible computers...such as university labs...You can see the buddy list of other people who have signed on to AIM on that computer. On win2k in the folder named winnt/AIM95/"screenname" there is a file called userinfo.bag which stores all the names on your buddy list...all you have to do is traverse to a different screenname directory and open up the file with any editor. In win XP the folder is in winnt/system32/aim95. This pretty much works on any OS although I havent tried linux and Mac yet. Although this may not be a serious threat, its pretty much a violation of privacy...and that is a right we all have correct?? corrrect..Its pretty easy for anyone being nosy to start harrasing people on your buddy list. I hope this isnt a repost. Contacting AOL also pretty much all that needs to be done is check out the aim95 folder for a file called userinfo.bag
Current thread:
- Ability to read buddy list of AIM users sunny licious (Apr 15)
- Re: Ability to read buddy list of AIM users Andrew J. Stackhouse (Apr 15)
- Re: Ability to read buddy list of AIM users Eugene Medynskiy (Apr 17)
- <Possible follow-ups>
- RE: Ability to read buddy list of AIM users emann (Apr 16)
- RE: Ability to read buddy list of AIM users emann (Apr 16)