Re: In regards to the insecurity of AOL Instant Messenger
From: Alex Lambert (alambert@webmaster.com)Date: 08/06/02
- Previous message: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- In reply to: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alex Lambert" <alambert@webmaster.com> To: "moksha faced" <admin@mokshafaced.com>, "Nick Lange" <nicklange@wi.rr.com> Date: Tue, 6 Aug 2002 14:33:10 -0500
Why? GAIM uses TOC, IIRC -- just use Net::AIM in perl or even dig up some
OSCAR documentation. It would be easier than hacking up a client to do the
same thing.
apl
----- Original Message -----
From: "moksha faced" <admin@mokshafaced.com>
To: "Nick Lange" <nicklange@wi.rr.com>; "Alex Lambert"
<alambert@webmaster.com>
Cc: <vuln-dev@securityfocus.com>
Sent: Tuesday, August 06, 2002 1:15 PM
Subject: Re: In regards to the insecurity of AOL Instant Messenger
> silly question, but has anyone written a bot using
> gaim or jaim?
> --- Nick Lange <nicklange@wi.rr.com> wrote:
> > Trillian allows SSL over AIM protocol [or did allow
> > in .72, haven't checked
> > the RC1 release yet].
> > lICQ allowed SSL over ICQ as well...
> > so it's there if you're willing to use alternative
> > clients, but most people
> > don't.
> > nick
> > ----- Original Message -----
> > From: "Alex Lambert" <alambert@webmaster.com>
> > To: "Adam Carr" <itsacarr@adelphia.net>;
> > <vuln-dev@lists.securityfocus.com>
> > Sent: Tuesday, August 06, 2002 11:15 AM
> > Subject: Re: In regards to the insecurity of AOL
> > Instant Messenger
> >
> >
> > > > Now my question, is how secure are normal "ims"
> > on AIM. How difficult =
> > > > would it be to listen to anothers msgs and if at
> > all possible, how could
> > =
> > > > this be fixed.=20
> > >
> > > "msgsnarf records selected messages from
> > AOL Instant Mes-
> > > senger, ICQ 2000, IRC, MSN Messenger, or
> > Yahoo Messenger
> > > chat sessions." (msgsnarf(8) manpage)
> > >
> > > AFAIK, none of the above protocols are usually
> > encrypted. dsniff
> > >
> >
> (http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz)
> > can pick them
> > up.
> > >
> > >
> > >
> > > apl
> > > ----- Original Message -----
> > > From: "Adam Carr" <itsacarr@adelphia.net>
> > > To: <vuln-dev@lists.securityfocus.com>
> > > Sent: Monday, August 05, 2002 5:58 PM
> > > Subject: In regards to the insecurity of AOL
> > Instant Messenger
> > >
> > >
> > > > After seeing the recent emails about the hide
> > windows while away =
> > > > function while I don't quite understand that as
> > a security threat this =
> > > > does remind me of other insecurities of AIM and
> > some questions I had as
> > =
> > > > well.
> > > >
> > > > The first threat to AIM users that I am aware of
> > and have tested myself
> > =
> > > > is under Direct Connects with another user. With
> > a targets ip, it is not
> > =
> > > > difficult at all to intercept the dcc's messages
> > and to input your own.
> > =
> > > > Quite frightening. A simple fix is to change the
> > port which AIM direct =
> > > > connects on. Seeing as how my explanations are
> > not that great I invite =
> > > > anyone else who is aware of this to explain that
> > flaw in AIM.
> > > >
> > > > Now my question, is how secure are normal "ims"
> > on AIM. How difficult =
> > > > would it be to listen to anothers msgs and if at
> > all possible, how could
> > =
> > > > this be fixed.=20
> > > >
> > > > I know AIM has\had it's share of other
> > vulnerabilities so please speak =
> > > > up if you know of any. Thanks ...
> > > >
> > > > Cheers ...
> > > > Adam
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
>
- Previous message: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- In reply to: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
- Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
