Re: Instant messenger's

["Steven" <steven () lovebug org>]

> From what I have seen most of the flaws are generally in the application 
itself.  There are often bugs in AOL's AIM, GAIM, Trillian and other clients 
all of the time.  You can just check BUGTRAQ or any other listserv/archive 
and see this.  It would seem though that sometimes the open source and/or 
lesser used applications tend to get their bugs patched quicker.

There have been flaws in the past that have allowed attackers to take over 
AIM accounts, find the related e-mail addresses, still yahoo/hotmail 
accounts and what not.  Obviously these flaws can lead to a compromise of 
the instant messaging account but generally have nothing to do with the 
protocol or client.

Steven


----- Original Message ----- 
From: "Chris Griffin" <cgriffin () dcmindiana com>
To: <pen-test () securityfocus com>
Sent: Wednesday, July 13, 2005 11:05 AM
Subject: Instant messenger's


> Hey List.
>
> I figure this list could be best for this question, since I'd think the
> pen testers
> would be more up to date on spreading vulns.
>
> With all the IM flaws out there, does it more than not, stem from the
> protocol?
> or the actual client?
>
> My main point being, is using GAIM (or any other all in one for that
> matter) for msn, yahoo, aim chats more secure than the "name brand" 
> clients?
>
>
> Thanks!
>
>
>
>
>
>
> ------------------------------------------------------------------------
> CONFIDENTIALITY NOTICE:
>
> This e-mail message, including any attachments, is for the sole use of the 
> intended recipient(s) and may contain confidential and privileged 
> information. Any unauthorized review, use, disclosure or distribution is 
> prohibited. If you are not the intended recipient, please contact the 
> sender by reply and destroy all copies of the original message.
> ---------------------------------------------------------------------------