In regards to the insecurity of AOL Instant Messenger

From: mike (phar@thetransmission.net)
Date: 08/06/02 

From: "mike" <phar@thetransmission.net>
To: <vuln-dev@lists.securityfocus.com>
Date: Tue, 6 Aug 2002 13:39:33 -0400

http://www.thetransmission.net/phar/

seventh link down..

-phar
phar@thetransmission.net

> -----Original Message-----
> From: Adam Carr [mailto:itsacarr@adelphia.net]
> Sent: Monday, August 05, 2002 3:58 PM
> To: vuln-dev@lists.securityfocus.com
> Subject: In regards to the insecurity of AOL Instant Messenger
>
>
> After seeing the recent emails about the hide windows while away =
> function while I don't quite understand that as a security threat this =
> does remind me of other insecurities of AIM and some questions I had as =
> well.
>
> The first threat to AIM users that I am aware of and have tested myself =
> is under Direct Connects with another user. With a targets ip, it is not =
> difficult at all to intercept the dcc's messages and to input your own. =
> Quite frightening. A simple fix is to change the port which AIM direct =
> connects on. Seeing as how my explanations are not that great I invite =
> anyone else who is aware of this to explain that flaw in AIM.
>
> Now my question, is how secure are normal "ims" on AIM. How difficult =
> would it be to listen to anothers msgs and if at all possible, how could =
> this be fixed.=20
>
> I know AIM has\had it's share of other vulnerabilities so please speak =
> up if you know of any. Thanks ...
>
> Cheers ...
> Adam
>
>
>
>
>
>

Relevant Pages

  • Re: In regards to the insecurity of AOL Instant Messenger
    ... some IRC servers allow SSL connections -- the ones I've seen ... Trillian also can do encrypted DCC (which is, besides the initial handshake, ... AIM has no native support for encrypted connections (or, if it does, I have ... In regards to the insecurity of AOL Instant Messenger ...
    (Vuln-Dev)
  • Re: In regards to the insecurity of AOL Instant Messenger
    ... > would it be to listen to anothers msgs and if at all possible, ... > does remind me of other insecurities of AIM and some questions I had as = ... > The first threat to AIM users that I am aware of and have tested myself = ... A simple fix is to change the port which AIM direct = ...
    (Vuln-Dev)
  • In regards to the insecurity of AOL Instant Messenger
    ... function while I don't quite understand that as a security threat this = ... The first threat to AIM users that I am aware of and have tested myself = ... A simple fix is to change the port which AIM direct = ...
    (Vuln-Dev)
  • Re: In regards to the insecurity of AOL Instant Messenger
    ... Trillian allows SSL over AIM protocol [or did allow in .72, ... In regards to the insecurity of AOL Instant Messenger ...
    (Vuln-Dev)
  • Re: Virtual PC/ICQ/iSight
    ... purposes, an AIM client. ... It can interact with Mac and PC AIM users just ...
    (microsoft.public.mac.virtualpc)