RE: Instant messenger's

["Todd Towles" <toddtowles () brookshires com>]

GAIM will have will flaws in it as well. Virus still spread send message
to GAIM users trying to spread, and it can work. Information disclourse
and file transfering is still a big threat to corporate IM world. 

It is my understand that IM messages have been classified the same as
mail in the public-trade corporate world. Archiving is needed and
records must be kept of all IM messages. But I don't work for a public
company, so I could be wrong.

> -----Original Message-----
> From: Steven [mailto:steven () lovebug org] 
> Sent: Wednesday, July 13, 2005 2:50 PM
> To: Chris Griffin; pen-test () securityfocus com
> Subject: Re: Instant messenger's
>
> From what I have seen most of the flaws are generally in the 
> application itself.  There are often bugs in AOL's AIM, GAIM, 
> Trillian and other clients all of the time.  You can just 
> check BUGTRAQ or any other listserv/archive and see this.  It 
> would seem though that sometimes the open source and/or 
> lesser used applications tend to get their bugs patched quicker.
>
> There have been flaws in the past that have allowed attackers 
> to take over AIM accounts, find the related e-mail addresses, 
> still yahoo/hotmail accounts and what not.  Obviously these 
> flaws can lead to a compromise of the instant messaging 
> account but generally have nothing to do with the protocol or client.
>
> Steven
>
>
> ----- Original Message -----
> From: "Chris Griffin" <cgriffin () dcmindiana com>
> To: <pen-test () securityfocus com>
> Sent: Wednesday, July 13, 2005 11:05 AM
> Subject: Instant messenger's
>
>
> > Hey List.
> >
> > I figure this list could be best for this question, since 
> I'd think the
> > pen testers
> > would be more up to date on spreading vulns.
> >
> > With all the IM flaws out there, does it more than not, 
> stem from the
> > protocol?
> > or the actual client?
> >
> > My main point being, is using GAIM (or any other all in one for that
> > matter) for msn, yahoo, aim chats more secure than the "name brand" 
> > clients?
> >
> >
> > Thanks!
> --------------------------------------------------------------
> ----------
> > CONFIDENTIALITY NOTICE:
> >
> > This e-mail message, including any attachments, is for the 
> sole use of the 
> > intended recipient(s) and may contain confidential and privileged 
> > information. Any unauthorized review, use, disclosure or 
> distribution is 
> > prohibited. If you are not the intended recipient, please 
> contact the 
> > sender by reply and destroy all copies of the original message.
> --------------------------------------------------------------
> -------------
> >