Yet another reason never to use AOL... AOL Instant Messenger is used by many millions of people to send and receive messages in real-time. It features several "states" for a user, such as away, idle, etc. that change the behavior of the client when set. AOL employs a feature "Hide windows while away" that, as its name implies, hides all windows in AIM while the user is away. However, even with windows hidden, it is possible for snoopers to view conversation. If a user sends you a message while you are away, and regardless of "hide windows" being enabled, the entire conversation between the two parties becomes readable to anyone with access to the terminal just by clicking the desired screen name. Example: 1) 2 users chat... 2) user A leaves, setting away status 3) user B checks with a simple "are you there?" type message 4) upon receiving the away, no further messages are exchanged, as user A has left 5) someone with local access checks the away queue for info 6) checking each screen name, he/she saves each transcript 7) user A returns, and responds to the message 8) chat continues... Workaround: Don't use away state, or close all conversation windows yourself; never use the hide window feature, that is just lazy. :-) "The reason the mainstream is thought of as a stream is because it is so shallow." - Author Unknown _______________________________________________ Full-Disclosure - We believe in it. Full-Disclosureat_private http://lists.netsys.com/mailman/listinfo/full-disclosure
This archive was generated by hypermail 2b30 : Sun Aug 04 2002 - 19:19:51 PDT