Vulnerability Development mailing list archives
Re: In regards to the insecurity of AOL Instant Messenger
From: moksha faced <admin () mokshafaced com>
Date: Tue, 6 Aug 2002 11:15:42 -0700 (PDT)
silly question, but has anyone written a bot using gaim or jaim? --- Nick Lange <nicklange () wi rr com> wrote:
Trillian allows SSL over AIM protocol [or did allow in .72, haven't checked the RC1 release yet]. lICQ allowed SSL over ICQ as well... so it's there if you're willing to use alternative clients, but most people don't. nick ----- Original Message ----- From: "Alex Lambert" <alambert () webmaster com> To: "Adam Carr" <itsacarr () adelphia net>; <vuln-dev () lists securityfocus com> Sent: Tuesday, August 06, 2002 11:15 AM Subject: Re: In regards to the insecurity of AOL Instant MessengerNow my question, is how secure are normal "ims"on AIM. How difficult =would it be to listen to anothers msgs and if atall possible, how could =this be fixed.=20"msgsnarf records selected messages fromAOL Instant Mes-senger, ICQ 2000, IRC, MSN Messenger, orYahoo Messengerchat sessions." (msgsnarf(8) manpage) AFAIK, none of the above protocols are usuallyencrypted. dsniff
(http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz)
can pick them up.apl ----- Original Message ----- From: "Adam Carr" <itsacarr () adelphia net> To: <vuln-dev () lists securityfocus com> Sent: Monday, August 05, 2002 5:58 PM Subject: In regards to the insecurity of AOLInstant MessengerAfter seeing the recent emails about the hidewindows while away =function while I don't quite understand that asa security threat this =does remind me of other insecurities of AIM andsome questions I had as =well. The first threat to AIM users that I am aware ofand have tested myself =is under Direct Connects with another user. Witha targets ip, it is not =difficult at all to intercept the dcc's messagesand to input your own. =Quite frightening. A simple fix is to change theport which AIM direct =connects on. Seeing as how my explanations arenot that great I invite =anyone else who is aware of this to explain thatflaw in AIM.Now my question, is how secure are normal "ims"on AIM. How difficult =would it be to listen to anothers msgs and if atall possible, how could =this be fixed.=20 I know AIM has\had it's share of othervulnerabilities so please speak =up if you know of any. Thanks ... Cheers ... Adam
Current thread:
- In regards to the insecurity of AOL Instant Messenger Adam Carr (Aug 05)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Nick Lange (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger moksha faced (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Bojan Zdrnja (Aug 07)
- Re: In regards to the insecurity of AOL Instant Messenger Nick Lange (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger H C (Aug 06)
- <Possible follow-ups>
- RE: In regards to the insecurity of AOL Instant Messenger jbarbo1 (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger John Scimone (Aug 06)
- In regards to the insecurity of AOL Instant Messenger mike (Aug 06)
- RE: In regards to the insecurity of AOL Instant Messenger Seth Knox (Aug 06)
- RE: In regards to the insecurity of AOL Instant Messenger Jason Barbour (Aug 06)