|
|
 
|
|
Author
|
Topic: Junk messages on AIM
|
|
|
|
|
|
|
Paul G. Thompson
The Weenie Man
Posts: 4718
From: Mount Vernon WA USA
Registered: Nov 2000
|
posted 05-09-2002 03:43 AM
I never had this problem with AIM or Microsoft's IM. However, I have with ICQ, which I never use anymore. For SPAM, Microsoft's Hotmail email address is the worst. But, like AOL, ALL of that stuff can be tuned out by selecting only email addresses you want to accept email from.With both programs, it is a pain in the butt to archive acceptable email addresses, but because of the scum bags, sometimes you have no choice if you want to maintain your privacy.
| IP: Logged
|
|
Jerry Chase
Phenomenal Film Handler
Posts: 1068
From: Margate, FL, USA
Registered: Nov 2000
|
posted 05-09-2002 11:50 AM
I steadfastly refuse to use instant messaging of any flavor because of potential security risks. I'll quote a brand new warning about AIM, and I suggest getting rid of AIM if you can."AOL Instant Messenger (AIM) has a major security vulnerability in all
stable (not beta) versions dating back to 4.2. This vulnerability
will allow remote penetration of the victim's system without any
indication as to who performed the attack. There is no opportunity
to refuse the request. This does not affect the non-Windows
versions, because the non-Windows versions currently do not yet
support the feature that this vulnerability occurs in. This particular vulnerability results from an overflow in the code
that parses a request to run an external application. This works with
any TLV type > 0x2711, because 0x2711 is filtered on the AIM server
side from the first vulnerability we reported. It appears that we
were correct in our original advisory when we stated, "This may be
more generic and exploitable through other means, but AOL has not
released enough information about their protocol for us to be able to
determine that." IMPLICATIONS This has the same implications as the original advisory, so I will
include the paragraphs from the first advisory:
AOL Instant Messenger (http://www.aim.com) has over 100 million
users. The implications of this vulnerability are huge and leave
the door wide open for a worm not unlike those that Microsoft
Outlook, IIS, et al. have all had (Melissa, ILOVEYOU, CodeRed,
Nimda, etc.). An exploit could download itself off the web,
determine the buddies of the victim, and then attack them also.
Given the general nature of social networks and how they are
structured, we predict that it wouldn't take long for such an
attack to propagate. The particular overflow described supra allows a payload can be
several thousand bytes long, which leaves lots of room for
creative shellcode. In addition, the shellcode can have null
bytes in it." I'm not going to point to the source or the warning because of other information on the page.
| IP: Logged
|
|
|
|
All times are Central (GMT -6:00)
|
|
Powered by Infopop Corporation
UBB.classicTM
6.3.1.2
The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion
and agrees to release the authors from any and all liability.
|
Home
)
Printer-friendly view of this topic