Interesting People mailing list archives
IP: USERS STILL VULNERABLE TO AIM BREAK-INS: Edupage, February 26, 2001
From: David Farber <dave () farber net>
Date: Mon, 26 Feb 2001 18:45:38 -0500
Security experts warn of the risk involved in using America Online's Instant Messaging (AIM) service, saying the system is far too easily accessed by hackers. Although AOL officials claim that recent reports are unsubstantiated and contest that patches to the AIM software have solved all problems, many in the security field argue otherwise. Mike Shinn, who led the Cisco Systems team contracted by AOL to develop security software for the AIM service, says the company asked his team not to create any defensive mechanisms but simply to write code alerting AOL officials that there had been an attempt at hacking. Such testimony is consistent with other experts, who criticize AOL for fixing problems on a case-by-case basis, instead of implementing any large-scale preventive measures. Because AIM software is active any time a user's Web browser is on, hackers can send messages coded with "junk" in order to overflow the buffer and allow partial control over the victim's computer. Also, AOL central servers are purportedly vulnerable to hackers seeking to steal AIM users' passwords. (Planet IT, 23 February 2001)
For archives see: http://www.interesting-people.org/
Current thread:
- IP: USERS STILL VULNERABLE TO AIM BREAK-INS: Edupage, February 26, 2001 David Farber (Feb 26)