IP: USERS STILL VULNERABLE TO AIM BREAK-INS: Edupage, February 26, 2001

[David Farber <dave () farber net>]

> Security experts warn of the risk involved in using America
> Online's Instant Messaging (AIM) service, saying the system is
> far too easily accessed by hackers. Although AOL officials
> claim that recent reports are unsubstantiated and contest
> that patches to the AIM software have solved all problems, many
> in the security field argue otherwise. Mike Shinn, who led the
> Cisco Systems team contracted by AOL to develop security software
> for the AIM service, says the company asked his team not to
> create any defensive mechanisms but simply to write code alerting
> AOL officials that there had been an attempt at hacking. Such
> testimony is consistent with other experts, who criticize AOL for
> fixing problems on a case-by-case basis, instead of implementing
> any large-scale preventive measures. Because AIM software is
> active any time a user's Web browser is on, hackers can send
> messages coded with "junk" in order to overflow the buffer and
> allow partial control over the victim's computer. Also, AOL
> central servers are purportedly vulnerable to hackers seeking to
> steal AIM users' passwords.
> (Planet IT, 23 February 2001)



For archives see: http://www.interesting-people.org/