AOL Instant Messenger Servers Patched and...Un-Patched?

From: Brendan Butts (sbbuttsat_private)
Date: Thu Feb 28 2002 - 22:20:07 PST


    
    ---AOL Instant Messenger Still Vulnerable to DoS
    attack---
    
    Author: Nemisis (sbbuttsat_private)
    
    Synopsis-
    
    After everything that has happened, with the game
    invite crash, File Crash, Buddy List Crash, etc., AOL
    patched their AIM servers to protect users against
    these attacks and released new versions of Instant
    Messenger.  Sometime in the middle of January, you
    could no longer use AIM Filter or Nemisis AIM Suite
    to exploit these bugs.  Upon execution of a Buddy List
    Kill Attack with AIM Suite (a DoS attack that locks up
    Windows AIM 4.7 and the first 4.8 beta with an overly
    large buddylist), you would receive
    'Error Code 14' from the server in your IM window.
    AOL's server-side block of this bug protected the
    target from having their client frozen.  Now it seems
    that they have given up their server-side block of this
    kill, and it can once again be exploited.  The newest
    AIM beta 4.8.24.64 I believe is not vulnerable to this
    attack.
    
    Implications-
    
    The problem is that when a user goes to
    www.AIM.com to download AIM, they are not given
    the chance outright to download the newest beta;
    you have to dig around the site to find the beta
    download page.  Instead, mass amounts of users are
    downloading AIM 4.7, which is STILL vulnerable to the
    Buddy Kill DoS attack.  Why AOL fixed this problem
    on the server side and then un-fixed it, I won't even
    venture a guess on.
    
    Fix- 
    
    For those who are wary of downloading any new Beta
    versions of AIM from AOL (and aren't we all), there is
    still the AIM Filter or Nemisis AIM Suite alternative,
    both of which are available at
    www.dreamscapeprod.com/nemisis
    
    -
    



    This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 19:08:59 PST