Re: In regards to the insecurity of AOL Instant Messenger
From: moksha faced (admin@mokshafaced.com)Date: 08/06/02
- Previous message: mike: "In regards to the insecurity of AOL Instant Messenger"
- In reply to: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: H C: "Re: In regards to the insecurity of AOL Instant Messenger"
- Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 6 Aug 2002 11:15:42 -0700 (PDT) From: moksha faced <admin@mokshafaced.com> To: Nick Lange <nicklange@wi.rr.com>, Alex Lambert <alambert@webmaster.com>
silly question, but has anyone written a bot using
gaim or jaim?
--- Nick Lange <nicklange@wi.rr.com> wrote:
> Trillian allows SSL over AIM protocol [or did allow
> in .72, haven't checked
> the RC1 release yet].
> lICQ allowed SSL over ICQ as well...
> so it's there if you're willing to use alternative
> clients, but most people
> don't.
> nick
> ----- Original Message -----
> From: "Alex Lambert" <alambert@webmaster.com>
> To: "Adam Carr" <itsacarr@adelphia.net>;
> <vuln-dev@lists.securityfocus.com>
> Sent: Tuesday, August 06, 2002 11:15 AM
> Subject: Re: In regards to the insecurity of AOL
> Instant Messenger
>
>
> > > Now my question, is how secure are normal "ims"
> on AIM. How difficult =
> > > would it be to listen to anothers msgs and if at
> all possible, how could
> =
> > > this be fixed.=20
> >
> > "msgsnarf records selected messages from
> AOL Instant Mes-
> > senger, ICQ 2000, IRC, MSN Messenger, or
> Yahoo Messenger
> > chat sessions." (msgsnarf(8) manpage)
> >
> > AFAIK, none of the above protocols are usually
> encrypted. dsniff
> >
>
(http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz)
> can pick them
> up.
> >
> >
> >
> > apl
> > ----- Original Message -----
> > From: "Adam Carr" <itsacarr@adelphia.net>
> > To: <vuln-dev@lists.securityfocus.com>
> > Sent: Monday, August 05, 2002 5:58 PM
> > Subject: In regards to the insecurity of AOL
> Instant Messenger
> >
> >
> > > After seeing the recent emails about the hide
> windows while away =
> > > function while I don't quite understand that as
> a security threat this =
> > > does remind me of other insecurities of AIM and
> some questions I had as
> =
> > > well.
> > >
> > > The first threat to AIM users that I am aware of
> and have tested myself
> =
> > > is under Direct Connects with another user. With
> a targets ip, it is not
> =
> > > difficult at all to intercept the dcc's messages
> and to input your own.
> =
> > > Quite frightening. A simple fix is to change the
> port which AIM direct =
> > > connects on. Seeing as how my explanations are
> not that great I invite =
> > > anyone else who is aware of this to explain that
> flaw in AIM.
> > >
> > > Now my question, is how secure are normal "ims"
> on AIM. How difficult =
> > > would it be to listen to anothers msgs and if at
> all possible, how could
> =
> > > this be fixed.=20
> > >
> > > I know AIM has\had it's share of other
> vulnerabilities so please speak =
> > > up if you know of any. Thanks ...
> > >
> > > Cheers ...
> > > Adam
> > >
> > >
> > >
> > >
> > >
> >
>
- Previous message: mike: "In regards to the insecurity of AOL Instant Messenger"
- In reply to: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: H C: "Re: In regards to the insecurity of AOL Instant Messenger"
- Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
