Security Incidents mailing list archives
RE: Possible AIM Hack?
From: Jeff Bryner <jbryner1 () yahoo com>
Date: Fri, 17 Mar 2006 17:08:40 -0800 (PST)
If you're split tunneling, then yes there is a danger:
http://www.isaserver.org/tutorials/2004fixipsectunnel.html

Jeff

--- ACMurray () cmp com wrote:
It's worth a try. I was following this thread with considerable interest because I couldn't log onto AIM either--until I tried when not running through the remote access VPN.

If I'm just connected to the Internet but not connected to headquarters via our VPN, AIM lets me log on just fine. If I log into AIM and then activate the VPN, the AIM connection continues without a problem. However, if I activate the VPN and then try to log into AIM, I get nothing.

Of course, this opens another question: is there a security risk in connecting to AIM first and then using the VPN?

Andrew Conry-Murray

From: "Phillip R Cooper II" <pcooper@wareonearth.com>
Date: 03/16/2006 11:38 AM
To: <belka () att net>, <incidents () securityfocus com>
cc:
Subject: RE: Possible AIM Hack?

Here's something that occurred to me- are you by chance VPN'd into a common network during all these attempts? Perhaps there's been a block instituted on whatever port AIM communicates on, and you've not been informed for whatever reason.

I know this is VERY basic, and possibly will be thought to be my attempt to insult you. Not at all. With the alphabet soup after your name, it's apparent you know much more than I. But I've a feeling this is going to be something incredibly simple that is being overlooked, as often happens in this industry.

Hey, we've all been there- troubleshooting the network and finding out later after much aggravation that we'd used the wrong cable in the first place. ;)

-----Original Message-----
From: belka () att net [mailto:belka () att net]
Sent: Thursday, March 16, 2006 9:20 AM
To: incidents () securityfocus com
Subject: Re: Possible AIM Hack?

As far as the AIM server being temporarily down, as of 0900 EST (GMT -5) 16 MAR 06, it is still not possible (at least for me) to create a new AIM user account. I would encourage others to go to www.aim.com and attempt to create an AIM identity and see if they get the same results.
I have tried creating a new account in at least four different cities in the last week using different hardware, ISPs, etc. -- all with no effect. With every attempt I receive a pop up java script window stating "The service you are attempting to use is temporarily unavailable,error 20814"

This message has been returned since last week -- if the authentication server is "casters up", then the system admins at AIM are operating under a very, very, generous Service Levels Agreement. My experience is that if you are down a week, it's time to break out the disaster recovery plans.

In fairness, however, AIM is a free service. Free usually means you get what you pay for. Right now I am receiving from AOL exactly what I have been paying -- nothing. But in seriousness, a lot of people depend on AIM for social and even business interaction. It has, free or not, become a "critical application" to a lot of people. I made a couple of attempts to contact AOL about the problem, without result.

In a larger context, if there is a problem at AOL with AIM, and it has been hacked, and it has been down over a week -- what of the data and accounts of the gazillions of users who are regulars on AIM? Is that data safe? Given the recent stories about the spike in debit card fraud recently, and that spike has been tentatively traced back to a possibility of a vendor that was hacked and lost the data (stay tuned to this story as it develops), the circumstances that my account "disappeared" and the fact that creating a new account is disabled is troubling.

--
Rob Frazier, CISSP, ISSAP
www.xakephet.com
325-695-7238 Lab
817-271-7557

-------------- Original message ----------------------
From: "Steven" <steven () lovebug org>

Well like I said it could be a number of things but if you cannot logon anymore as I said then there's a good chance of a compromise.
The whole part about not being able to logon anymore would indicate a persistent problem that is permanent and not some problem signing on for a few minutes. That would mean you couldn't logon right after getting kicked off, 10 mins later, 6 hours later, 5 days later, etc. Additionally, if some server that gives a yea/nay is on a coffee + donut break -- what would that have to do with kicking you offline after already being authenticated?

Let's see it's been at least a day. Can you logon now? If the answer is yes.. chances are someone didn't steal your account. If the answer is no -- I'll go with you're compromised or you forgot your password. Anyway that's just one possible reason which definitely occurs quite frequently to people with desirable screen names or that have pissed off someone.

Steven

----- Original Message -----
From: <Valdis.Kletnieks () vt edu>
To: "Steven" <steven () lovebug org>
Cc: "Travis Haymore" <thaymore () gmail com>; <belka () att net>; <incidents () securityfocus com>
Sent: Tuesday, March 14, 2006 8:02 PM
Subject: Re: Possible AIM Hack?

On Tue, 14 Mar 2006 16:12:50 EST, Steven said:

logged off and can no longer logon anymore -- then that is a different
=== message truncated ===