Vulnerability Development mailing list archives

RE: In regards to the insecurity of AOL Instant Messenger


From: jbarbo1 <jbarbo1 () umbc edu>
Date: Tue, 6 Aug 2002 08:51:42 -0400

Now my question, is how secure are normal "ims" on AIM. How difficult
would it be to listen to another's msgs and if at all possible, how could
this be fixed.

Sniffing the line that the messages are transferred on would reveal the 
contents. They are not encrypted. Maybe if encryption was used, it would 
prevent eavesdropping, at least, some of it.

What about a man in the middle attack, anyone know of that being done 
successfully? Posing as the main AIM server, then redirecting the contents of 
the messages to the real server. Even on a side note, has anything ever been 
done like an Open AIM Server. I know people have created open clients, but 
what about an open server for it?

