Re: Possible AIM Hack?

["Steven" <steven () lovebug org>]

Well like I said it could be a number of things but if you cannot logon 
anymore as I said then there's a good chance of a compromise.  The whole 
part about not being able to logon anymore would indicate a persistent 
problem that is permanent and not some problem signing on for a few minutes. 
That would mean you couldn't logon right after getting kicked off, 10 mins 
later, 6 hours later, 5 days later, etc.  Additionally, if some server that 
gives a yea/nay is on a coffe + donut break -- what would that have to do 
with kicking you offline after already being authenticated?

Let's see it's been at least a day.  Can you logon now?  If the answer is 
yes.. chances are someone didn't steal your account.  If the answer is no --  
I'll go with you're compromised or you forgot your password.  Anyway that's 
just one possible reason which defintely occurs quite frequently to people 
with desirable screen names or that have pissed off someone.

Steven

----- Original Message ----- 
From: <Valdis.Kletnieks () vt edu>
To: "Steven" <steven () lovebug org>
Cc: "Travis Haymore" <thaymore () gmail com>; <belka () att net>; 
<incidents () securityfocus com>
Sent: Tuesday, March 14, 2006 8:02 PM
Subject: Re: Possible AIM Hack?

On Tue, 14 Mar 2006 16:12:50 EST, Steven said:
> logged off and can no longer logon anymore -- then that is a different
> issue.  This would indicate that your account has been compromised.

Or that the authentication server has gone casters-up.

Which is more likely - that you and others that saw the same inability to 
login
have *all* had your accounts compromised at the same time, or that the 
server
that gives the final yea/nay was off having a coffee and donut break?