[Full-Disclosure] Re: AOL Instant Messenger - Away Setting and Snoopers

From: Mark Shirley (full-disclosure@lists.netsys.com)
Date: 08/05/02 

From: full-disclosure@lists.netsys.com (Mark Shirley)
Date: Mon, 5 Aug 2002 03:29:23 -0400

certinly, if you don't use the "hide" option people can read your messages.
who cares? if there is a situation where your computer is on and your aim
message dialaogs or even your aim panel is displayed then the following must
be correct. 1) your computer is currently on 2) no security methods have
been engaged to prevent computer manipulation. thus it doesn't matter if
you use the hide or not. if a person wants to know what you're chatting
about there is nothing stopping them from finding out if the previous
situations were true. anyone that would even CONSIDER this as a "security
option" needs some assistance. i suppose it depends on what your uses are.
since the very first time i ever used aim i saw this option as a solution of
instant message popup windows of crashing my games when i'm playing them
full screen. i suppose someone who sees it as a security method would also
see the minimize button as a method of hiding their data as well as the
power button the ultimate form of security. do you see my point?

----- Original Message -----
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: "Mark Shirley" <cyberfrog@core5.net>; "BugTraq"
<bugtraq@securityfocus.com>; "Full Disclosure"
<full-disclosure@lists.netsys.com>; "SecurITeam News" <news@securiteam.com>;
"Vuln-Dev" <vuln-dev@securityfocus.com>
Sent: Monday, August 05, 2002 3:09 AM
Subject: Re: AOL Instant Messenger - Away Setting and Snoopers

> >i fail to see the importance of this. the hide window option is
primarily
> >for preventing full screen applications (particularly games) from
crashing
> >or switching to the desktop when another user messages you. i highly
doubt
> >the hide window option is intended for any security purposes. if you're
> >conserned with people viewing your screen, lock it with a screensaver or
> >nt/2k/xp "lock" feature.
>
> "Hide window" stops people from viewing your windows. With this,
> somebody *could* view your window. It really is a matter of information
> disclosure -- do I need to see three pages of chat to tell me the
relevance
> of 2 messages while I'm away? Not likely...
>
>
>

Relevant Pages

  • [NT] IE Chromeless Window Vulnerabilities (More Examples)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Beyond Security in Canada ... A window without a frame, title bar, toolbars or scroll bars is known as a ... 'chromeless' window. ...
    (Securiteam)
  • Re: Javascript disabled in my browser?
    ... I have already enabled Active Scripting ... > Click "OK" to close the Security window. ... > JavaScript is now enabled for our web site. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: switching
    ... speciffic anti-trojan programmes out there,such as a2(a ... of a dialer landing on you?-you decide. ... Keep bang up to date with security patches. ... >> of these will try to open a window for them to dial ...
    (microsoft.public.security)
  • Re: Start a new process WITH a visible window from a service?
    ... Process starts BUT no window appears? ... A Desktop Station is basically a screen, ... - Window Station and Desktop are a security boundary, ... the clipboard to paste something into another app, ...
    (microsoft.public.vc.language)
  • Re: Buckwheat Beatdown! Cato Institute Drags Muslim PresiChmp to Woodshed for Severe Beating!
    ... providing enhanced security ... The Cost of Iraq, Afghanistan, and Other Global War on Terror ... Muzzy Screensaver, 15Mb; DemocRAT Screensaver, 18Mb! ... Cartoon Slideshow, Take Back America 2010 & 2012!, Are DemocRATs ...
    (alt.politics)