In regards to the insecurity of AOL Instant Messenger

["mike" <phar () thetransmission net>]

http://www.thetransmission.net/phar/

seventh link down..


-phar
phar () thetransmission net

> -----Original Message-----
> From: Adam Carr [mailto:itsacarr () adelphia net]
> Sent: Monday, August 05, 2002 3:58 PM
> To: vuln-dev () lists securityfocus com
> Subject: In regards to the insecurity of AOL Instant Messenger
>
>
> After seeing the recent emails about the hide windows while away =
> function while I don't quite understand that as a security threat this =
> does remind me of other insecurities of AIM and some questions I had as =
> well.
>
> The first threat to AIM users that I am aware of and have tested myself =
> is under Direct Connects with another user. With a targets ip, it is not =
> difficult at all to intercept the dcc's messages and to input your own. =
> Quite frightening. A simple fix is to change the port which AIM direct =
> connects on. Seeing as how my explanations are not that great I invite =
> anyone else who is aware of this to explain that flaw in AIM.
>
> Now my question, is how secure are normal "ims" on AIM. How difficult =
> would it be to listen to anothers msgs and if at all possible, how could =
> this be fixed.=20
>
> I know AIM has\had it's share of other vulnerabilities so please speak =
> up if you know of any. Thanks ...
>
> Cheers ...
> Adam