Penetration Testing mailing list archives
RE: Instant messenger's
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 14 Jul 2005 08:17:15 -0500
GAIM will have will flaws in it as well. Virus still spread send message to GAIM users trying to spread, and it can work. Information disclourse and file transfering is still a big threat to corporate IM world. It is my understand that IM messages have been classified the same as mail in the public-trade corporate world. Archiving is needed and records must be kept of all IM messages. But I don't work for a public company, so I could be wrong.
-----Original Message----- From: Steven [mailto:steven () lovebug org] Sent: Wednesday, July 13, 2005 2:50 PM To: Chris Griffin; pen-test () securityfocus com Subject: Re: Instant messenger's From what I have seen most of the flaws are generally in the application itself. There are often bugs in AOL's AIM, GAIM, Trillian and other clients all of the time. You can just check BUGTRAQ or any other listserv/archive and see this. It would seem though that sometimes the open source and/or lesser used applications tend to get their bugs patched quicker. There have been flaws in the past that have allowed attackers to take over AIM accounts, find the related e-mail addresses, still yahoo/hotmail accounts and what not. Obviously these flaws can lead to a compromise of the instant messaging account but generally have nothing to do with the protocol or client. Steven ----- Original Message ----- From: "Chris Griffin" <cgriffin () dcmindiana com> To: <pen-test () securityfocus com> Sent: Wednesday, July 13, 2005 11:05 AM Subject: Instant messenger'sHey List. I figure this list could be best for this question, sinceI'd think thepen testers would be more up to date on spreading vulns. With all the IM flaws out there, does it more than not,stem from theprotocol? or the actual client? My main point being, is using GAIM (or any other all in one for that matter) for msn, yahoo, aim chats more secure than the "name brand" clients? Thanks!-------------------------------------------------------------- ----------CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for thesole use of theintended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure ordistribution isprohibited. If you are not the intended recipient, pleasecontact thesender by reply and destroy all copies of the original message.-------------------------------------------------------------- -------------
Current thread:
- Instant messenger's Chris Griffin (Jul 13)
- Re: Instant messenger's Steven (Jul 13)
- <Possible follow-ups>
- RE: Instant messenger's Todd Towles (Jul 14)
- RE: Instant messenger's Desai, Dipen (Jul 28)