Security Incidents mailing list archives
RE: Possible AIM Hack?
From: "Jeff Britton, Monitored Security" <jeff.britton () monitoredsecurity com>
Date: Wed, 15 Mar 2006 13:38:23 -0000
completely different passwords. I'm logging into the same account using 2 very different passwords as we speak. -----Original Message----- From: Benjamin Tomhave [mailto:falcon () secureconsulting net] Sent: Tuesday, March 14, 2006 4:53 PM To: Jeff Britton, Monitored Security Cc: incidents () securityfocus com Subject: RE: Possible AIM Hack? AIM normalizes passwords - were your new passwords variants of old passwords using non-alphanumerics or changes in capitalization? On Tue, March 14, 2006 1:02 pm, Jeff Britton, Monitored Security said:
Has anyone else even noticed that (at least in the older versions) you can use previous passwords to login? As of right now, I can log into my AIM account with 3 different passwords...was wondering if anyone else noticed this too? -----Original Message----- From: CISO [mailto:ciso () elitemail org] Sent: Tuesday, March 14, 2006 11:34 AM To: belka () att net; incidents () securityfocus com Subject: Re: Possible AIM Hack? The new edition of AIM has this issue because the product is still technically in BETA. The older edition of AIM typically doesn't have this problem. Remember that AIM is a free service so there are no real SLAs to end users unless you are using the enterprise edition of AIM. The inability to log on (authenticate) or create new accounts is because that piece is controlled from the same mechanism (servers). James On 14 Mar 2006 15:57:03 -0000, belka () att net said:Here is the gist of what happened: March 8th, while using AIM, it logs me off. When I try to log back in, it tells me my password is incorrect. When I try to rest the password, I receive no password rest message. It is as if the hack changes the account e-mail at the same time to prevent password rest. Lastly, I went to create a new AIM account -- but without success. The error message tells me that the service is temporarily unavailable. I tried from several computers, and from different places, to no avail. As of 09:11 CST (-6GMT) AIM will still not allow new accounts to be set up. I haven't seen any news from any source about an AIM hack, but I have heard anecdotally from my college aged kids that several of their friends were also affected around the same time period and most have not been able to establish new AIM accounts. Is any one else seeing any kind of similar activity/results surrounding AIM? Or am I just a victim of a series of unfortunate events? Thanks
Current thread:
- RE: Possible AIM Hack?, (continued)
- RE: Possible AIM Hack? Michael Wright (Mar 14)
- Re: Possible AIM Hack? Travis Haymore (Mar 14)
- Re: Possible AIM Hack? Steven (Mar 14)
- Re: Possible AIM Hack? Valdis . Kletnieks (Mar 15)
- Re: Possible AIM Hack? Steven (Mar 16)
- Re: Possible AIM Hack? Valdis . Kletnieks (Mar 16)
- Re: Possible AIM Hack? Steven (Mar 16)
- Re: Possible AIM Hack? Steven (Mar 14)
- Message not available
- RE: Possible AIM Hack? Benjamin Tomhave (Mar 14)
- Re: Possible AIM Hack? Dustin Childers (Mar 16)
- RE: Possible AIM Hack? Phillip R Cooper II (Mar 16)
- RE: Possible AIM Hack? ACMurray (Mar 16)
- Re: Possible AIM Hack? Valdis . Kletnieks (Mar 17)
- RE: Possible AIM Hack? Jeff Bryner (Mar 17)