1 last small worthless AIM pointFrom: leon (firstname.lastname@example.org)
- Previous message: Meritt James: "Re: BCC email virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "leon" <email@example.com> To: <firstname.lastname@example.org> Date: Wed, 30 Jan 2002 09:13:26 -0500
-----BEGIN PGP SIGNED MESSAGE-----
It has recently come to my attention that the buffer overflowing
affecting aim is still remotely exploitable.
I just thought that I would let the list know that CONTARY TO
PUBLISHED REPORTS the vulnerability is still being actively
I did a little testing at home and it seems the newest version of the
aim client (4.8.2646) is NOT vulnerable.
I would also like to point out that this is a great reason why
shortcuts and security just don't play nicely together.
Instead of fixing and making a big point to let everyone know about
the vulnerability (as in we messed up but most
software companies do, here's a patch or you MUST download the newest
version,) AOL took the easy way out and claimed
to fix the problem at the server. Bull-cocky. If the problem is
fixed at the server how come I am still able to kick people
off with aimfilter? (rhetorical ;)
D'oh! AOl's engineers or Oracle's engineers; who is doing worse in
the month of January? One is breakable the other is remotely
Cheers to the group,
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----