Vulnerability Development mailing list archives
Re: In regards to the insecurity of AOL Instant Messenger
From: "Alex Lambert" <alambert () webmaster com>
Date: Tue, 6 Aug 2002 11:15:53 -0500
Now my question, is how secure are normal "ims" on AIM. How difficult = would it be to listen to anothers msgs and if at all possible, how could = this be fixed.=20
"msgsnarf records selected messages from AOL Instant Mes- senger, ICQ 2000, IRC, MSN Messenger, or Yahoo Messenger chat sessions." (msgsnarf(8) manpage) AFAIK, none of the above protocols are usually encrypted. dsniff (http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz) can pick them up. apl ----- Original Message ----- From: "Adam Carr" <itsacarr () adelphia net> To: <vuln-dev () lists securityfocus com> Sent: Monday, August 05, 2002 5:58 PM Subject: In regards to the insecurity of AOL Instant Messenger
After seeing the recent emails about the hide windows while away = function while I don't quite understand that as a security threat this = does remind me of other insecurities of AIM and some questions I had as = well. The first threat to AIM users that I am aware of and have tested myself = is under Direct Connects with another user. With a targets ip, it is not = difficult at all to intercept the dcc's messages and to input your own. = Quite frightening. A simple fix is to change the port which AIM direct = connects on. Seeing as how my explanations are not that great I invite = anyone else who is aware of this to explain that flaw in AIM. Now my question, is how secure are normal "ims" on AIM. How difficult = would it be to listen to anothers msgs and if at all possible, how could = this be fixed.=20 I know AIM has\had it's share of other vulnerabilities so please speak = up if you know of any. Thanks ... Cheers ... Adam
Current thread:
- In regards to the insecurity of AOL Instant Messenger Adam Carr (Aug 05)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Nick Lange (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger moksha faced (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Bojan Zdrnja (Aug 07)
- Re: In regards to the insecurity of AOL Instant Messenger Nick Lange (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger Alex Lambert (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger H C (Aug 06)
- <Possible follow-ups>
- RE: In regards to the insecurity of AOL Instant Messenger jbarbo1 (Aug 06)
- Re: In regards to the insecurity of AOL Instant Messenger John Scimone (Aug 06)
- In regards to the insecurity of AOL Instant Messenger mike (Aug 06)
- RE: In regards to the insecurity of AOL Instant Messenger Seth Knox (Aug 06)