Actually on my Win2k install (AIM version 4.7.2480), the file is in: C:\Documents and Settings\<w2k user name>\Application Data\Aim\<AIM User Name> which would not be accessable by anyone but the user or someone with Administrator's rights ----- Original Message ----- From: "sunny licious" <sunnyliciousat_private> To: <bugtraqat_private> Sent: Monday, April 15, 2002 11:30 AM Subject: Ability to read buddy list of AIM users > > > Ive been able to do this on publicly accessible > computers...such as university labs...You can see > the buddy list of other people who have signed on to > AIM on that computer. On win2k in the folder named > winnt/AIM95/"screenname" there is a file called > userinfo.bag which stores all the names on your > buddy list...all you have to do is traverse to a different > screenname directory and open up the file with any > editor. In win XP the folder is in > winnt/system32/aim95. This pretty much works on > any OS although I havent tried linux and Mac yet. > Although this may not be a serious threat, its pretty > much a violation of privacy...and that is a right we all > have correct?? corrrect..Its pretty easy for anyone > being nosy to start harrasing people on your buddy > list. I hope this isnt a repost. Contacting AOL also > pretty much all that needs to be done is check out the > aim95 folder for a file called userinfo.bag
This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 11:58:14 PDT