Re: How was this "attack" possible?
From: MyCom (anonymous_at_discussions.microsoft.com)
Date: 08/03/04
- Next message: Phillip Windell: "Re: Win98se User Login Prompt"
- Previous message: John Smith: "Possible IE Bug? Recreated on two different machines."
- In reply to: S. Pidgorny
: "Re: How was this "attack" possible?" - Next in thread: r: "RE: How was this "attack" possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 3 Aug 2004 13:15:18 -0700
Thank you for your time and your reply.
Well, I did a little digging around on Google, and found
this:
___________________________________________________________
Digi-Net Technologies DigiChat User IP Information
Disclosure Vulnerability
BugTraq ID: 5019
Remote: Yes
Date Published: Jun 14 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5019
Summary:
DigiChat is a web based chat application [Java-based
client/server] maintained by Digi-Net. DigiChat runs on
most Microsoft Windows and UNIX platforms.
It is possible for chat users to obtain sensitive
information about other chat visitors.
By design, only ChatMasters are able to resolve the IP
address of visiting chat users. However, it is reportedly
possible for users to obtain the IP address of chat
visitors by including '<Param Name="Showip"Value="True">'
in the chat applet. As a result, IP address information is
disclosed when viewing the information details of visitors.
An attacker may exploit this flaw to gain unauthorized
access to sensitive information about site users.
This issue has been reported in DigiChat 3.5, however
other versions may also be affected by this.
___________________________________________________________
I know this might not be related to what happened to me
(especially since I was using DigiChat 4.0.3.1), but it
makes the point that I guess not everything is 100%
secure. A search on Google reveals not so reputable places
advertising programs to help you "boot" people off
DigiChat, hack into DigiChat, etc.
Either way, like you said, my system is indeed updated, I
ran a virus and spyware scan, and I have a firewall.
Hopefully, I'm okay.
However, I don't think I'll be going to chat-avenue.com or
to use DigiChat again; my computer is too important to me
to lose it through chatting with someone. (Paranoid, yes,
but hey, better to be safe than sorry!)
>-----Original Message-----
>The appearence of the popup window might be not a result
of the browser
>vulnerability but a result of the chat server compromise -
to my best
>knowledge, Internet Explorer without add-ons opens pop-up
windows. Install a
>pop-up blocker. If the system is fully updated and you
didn't allow the
>ActiveX to run, likely there's no consequence for you.
>
- Next message: Phillip Windell: "Re: Win98se User Login Prompt"
- Previous message: John Smith: "Possible IE Bug? Recreated on two different machines."
- In reply to: S. Pidgorny
: "Re: How was this "attack" possible?" - Next in thread: r: "RE: How was this "attack" possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
