RE: In regards to the insecurity of AOL Instant Messenger
From: jbarbo1 (jbarbo1@umbc.edu)Date: 08/06/02
- Previous message: Clemens 'Gullevek' Schwaighofer: "Re: ssh trojaned"
- Maybe in reply to: Adam Carr: "In regards to the insecurity of AOL Instant Messenger"
- Next in thread: John Scimone: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Reply: John Scimone: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 6 Aug 2002 08:51:42 -0400 From: jbarbo1 <jbarbo1@umbc.edu> To: "Adam Carr" <itsacarr@adelphia.net>, <vuln-dev@lists.securityfocus.com>
>Now my question, is how secure are normal "ims" on AIM. How difficult =
>would it be to listen to anothers msgs and if at all possible, how could =
>this be fixed.=20
Sniffing the line that the messages are transferred on would reveal the
contents. They are not encrypted. Maybe if encryption was used, it would
prevent eavesdropping, at least, some of it.
What about a man in the middle attack, anyone know of that being done
sucessfully? Posing as the main AIM server, then redirecting the contents of
the messages to the real server. Even on a side note, has anything ever been
done like an Open AIM Server. I know people have created open clients, but
what about an open server for it?
- Previous message: Clemens 'Gullevek' Schwaighofer: "Re: ssh trojaned"
- Maybe in reply to: Adam Carr: "In regards to the insecurity of AOL Instant Messenger"
- Next in thread: John Scimone: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Reply: John Scimone: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
