Re: Possible AIM Hack?

[belka () att net]

As far as the AIM server being temporarily down, as of 0900 EST (GMT -5) 16 MAR 06, it is 
still not possible (at least for me) to create a new AIM user account.  I would 
encourage others to go to www.aim.com and attempt to create an AIM identity and 
see if they get the same results.  I have tried creating a new account in at 
least four different cities in the last week using different hardware, ISPs, 
etc. -- all with no effect.  With every attempt I receive a pop up java script 
window stating "The service you are attempting to use is temporarily 
unavailable,error 20814"

This message has been returned since last week -- if the authentication server is 'casters 
up", then the system admins at AIM are operating under a very, very, generous 
Service Levels Agreement.  My experience is that if you are down a week, its 
time to break out the disaster recovery plans.  In fairness, however, AIM is a 
free service.  Free usually means you get what you pay for.  Right now I am 
receiving from AOL exactly what I have been paying -- nothing.

But in seriousness, a lot of people depend on AIM for social and even business 
interaction. It has, free or not, become a "critical application" to a lot of 
people.  I made a couple of attempts to contact AOL about the problem, without 
result.  

In a larger context, if there is a problem at AOL with AIM, and it has been 
hacked, and it has been down over a week -- what of the data and accounts of the 
gazillions of users who are regulars on AIM?  Is that data safe?  Given the 
recent stories about the spike in debit card fraud recently, and that spike has 
been tenatively traced back to a possibility of a vendor that wat was hacked and lost 
the data (stay tuned to this story as it develops), the circumstances that my 
account "disappeared" and the fact that creating a new account is disabled is 
troubling. 



--
Rob Frazier, CISSP, ISSAP
www.xakephet.com
325-695-7238 Lab
817-271-7557

 -------------- Original message ----------------------
From: "Steven" <steven () lovebug org>
> Well like I said it could be a number of things but if you cannot logon 
> anymore as I said then there's a good chance of a compromise.  The whole 
> part about not being able to logon anymore would indicate a persistent 
> problem that is permanent and not some problem signing on for a few minutes. 
> That would mean you couldn't logon right after getting kicked off, 10 mins 
> later, 6 hours later, 5 days later, etc.  Additionally, if some server that 
> gives a yea/nay is on a coffe + donut break -- what would that have to do 
> with kicking you offline after already being authenticated?
>
> Let's see it's been at least a day.  Can you logon now?  If the answer is 
> yes.. chances are someone didn't steal your account.  If the answer is no --  
> I'll go with you're compromised or you forgot your password.  Anyway that's 
> just one possible reason which defintely occurs quite frequently to people 
> with desirable screen names or that have pissed off someone.
>
> Steven
>
> ----- Original Message ----- 
> From: <Valdis.Kletnieks () vt edu>
> To: "Steven" <steven () lovebug org>
> Cc: "Travis Haymore" <thaymore () gmail com>; <belka () att net>; 
> <incidents () securityfocus com>
> Sent: Tuesday, March 14, 2006 8:02 PM
> Subject: Re: Possible AIM Hack?
>
> On Tue, 14 Mar 2006 16:12:50 EST, Steven said:
> > logged off and can no longer logon anymore -- then that is a different
> > issue.  This would indicate that your account has been compromised.
>
> Or that the authentication server has gone casters-up.
>
> Which is more likely - that you and others that saw the same inability to 
> login
> have *all* had your accounts compromised at the same time, or that the 
> server
> that gives the final yea/nay was off having a coffee and donut break?