Bugtraq mailing list archives
Re: AOL Instant Messenger
From: datatwirl () GIS NET (Oppenheimer, Max)
Date: Tue, 9 May 2000 14:48:19 -0400
napster does the same thing -- whenever you get a file off napster it displays its full path, or atleast it does on linux versions of napster obviously, it does the same thing with windows version, even if it might not show it) max ----- Original Message ----- From: Daniel P. Stasinski <daniels () KAREMOR COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Monday, May 08, 2000 2:08 PM Subject: AOL Instant Messenger
When sending a file to someone using AOL's Instant Messenger program, the entire local path of your file is shown to the recipient. Not only is this an invasion of privacy, it also opens the door to known security holes in web browsers where access can be gained to specific files provided that you know the full path to those files, or guessed file names in that same path. AOL has not responded to my direct reports. Daniel
Current thread:
- Re: glibc resolver weakness Steven M. Bellovin (May 03)
- Re: glibc resolver weakness D. J. Bernstein (May 06)
- Re: glibc resolver weakness Gary Ellison (May 08)
- AOL Instant Messenger Daniel P. Stasinski (May 08)
- Re: AOL Instant Messenger Oppenheimer, Max (May 09)
- New Allaire Security Zone Bulletin Posted Aleph One (May 08)
- Advisory: Netopia R9100 router vulnerability Stephen Friedl (May 08)
- Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
- Re: Advisory: Netopia R9100 router vulnerability Rob Tashjian (May 10)
- Microsoft Security Bulletin (MS00-031) Microsoft Product Security (May 10)
- Re: Advisory: Netopia R9100 router vulnerability Jeffrey Paul (May 13)
- "ClientSideTrojan" bug Kragen Sitaker (May 09)
- Re: "ClientSideTrojan" bug David L. Nicol (May 11)
- Re: "ClientSideTrojan" bug Magosanyi Arpad (May 16)
- BUFFER OVERRUN VULNERABILITIES IN KERBEROS Jeffrey I. Schiller (May 16)
- Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
(Thread continues...)