Re: In regards to the insecurity of AOL Instant Messenger

["Alex Lambert" <alambert () webmaster com>]

Additionally, some IRC servers allow SSL connections -- the ones I've seen
use port 994 (ircs).

Trillian also can do encrypted DCC (which is, besides the initial handshake,
handled by the two clients instead of the server).

AIM has no native support for encrypted connections (or, if it does, I have
never seen it used); Trillian allows two users (each with the Trillian
client) to communicate securely via SSL.


apl
----- Original Message -----
From: "Nick Lange" <nicklange () wi rr com>
To: "Alex Lambert" <alambert () webmaster com>
Cc: <vuln-dev () securityfocus com>
Sent: Tuesday, August 06, 2002 12:31 PM
Subject: Re: In regards to the insecurity of AOL Instant Messenger


> Trillian allows SSL over AIM protocol [or did allow in .72, haven't
checked
> the RC1 release yet].
> lICQ allowed SSL over ICQ as well...
> so it's there if you're willing to use alternative clients, but most
people
> don't.
> nick
> ----- Original Message -----
> From: "Alex Lambert" <alambert () webmaster com>
> To: "Adam Carr" <itsacarr () adelphia net>;
<vuln-dev () lists securityfocus com>
> Sent: Tuesday, August 06, 2002 11:15 AM
> Subject: Re: In regards to the insecurity of AOL Instant Messenger
>
>
> > > Now my question, is how secure are normal "ims" on AIM. How difficult
=
> > > would it be to listen to anothers msgs and if at all possible, how
could
> =
> > > this be fixed.=20
> >
> >        "msgsnarf  records  selected messages from AOL Instant Mes-
> >        senger, ICQ 2000, IRC, MSN Messenger, or  Yahoo  Messenger
> >        chat sessions." (msgsnarf(8) manpage)
> >
> > AFAIK, none of the above protocols are usually encrypted. dsniff
> > (http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz) can pick them
> up.
> > apl
> > ----- Original Message -----
> > From: "Adam Carr" <itsacarr () adelphia net>
> > To: <vuln-dev () lists securityfocus com>
> > Sent: Monday, August 05, 2002 5:58 PM
> > Subject: In regards to the insecurity of AOL Instant Messenger
> >
> >
> > > After seeing the recent emails about the hide windows while away =
> > > function while I don't quite understand that as a security threat this
=
> > > does remind me of other insecurities of AIM and some questions I had
as
> =
> > > well.
> > >
> > > The first threat to AIM users that I am aware of and have tested
myself
> =
> > > is under Direct Connects with another user. With a targets ip, it is
not
> =
> > > difficult at all to intercept the dcc's messages and to input your
own.
> =
> > > Quite frightening. A simple fix is to change the port which AIM direct
=
> > > connects on. Seeing as how my explanations are not that great I invite
=
> > > anyone else who is aware of this to explain that flaw in AIM.
> > >
> > > Now my question, is how secure are normal "ims" on AIM. How difficult
=
> > > would it be to listen to anothers msgs and if at all possible, how
could
> =
> > > this be fixed.=20
> > >
> > > I know AIM has\had it's share of other vulnerabilities so please speak
=
> > > up if you know of any. Thanks ...
> > >
> > > Cheers ...
> > > Adam