RE: Ability to read buddy list of AIM users

From: emannat_private
Date: Mon Apr 15 2002 - 09:20:03 PDT

    I do not have the ability to try this as I am at work, but if on an NTFS
    system, could you not lock down the user's screenname directory so only they
    have access to it?  This would probably solve the problem rather easily.
    
    
    -----Original Message-----
    From: sunny licious [mailto:sunnyliciousat_private]
    Sent: Monday, April 15, 2002 11:30 AM
    To: bugtraqat_private
    Subject: Ability to read buddy list of AIM users
    
    
    
    
    I've been able to do this on publicly accessible
    computers...such as university labs...You can see
    the buddy list of other people who have signed on to
    AIM on that computer. On win2k in the folder named
    winnt/AIM95/"screenname" there is a file called
    userinfo.bag which stores all the names on your
    buddy list...all you have to do is traverse to a different
    screenname directory and open up the file with any
    editor. In win XP the folder is in
    winnt/system32/aim95. This pretty much works on
    any OS although I haven't tried Linux and Mac yet.
    Although this may not be a serious threat, it's pretty
    much a violation of privacy...and that is a right we all
    have correct?? correct..It's pretty easy for anyone
    being nosy to start harassing people on your buddy
    list. I hope this isn't a repost. Contacting AOL also
    pretty much all that needs to be done is check out the 
    aim95 folder for a file called userinfo.bag
    



    This archive was generated by hypermail 2b30 : Tue Apr 16 2002 - 23:03:34 PDT