Yet another reason never to use AOL...
AOL Instant Messenger is used by many millions of people to send and receive
messages in real-time. It features several "states" for a user, such as
away, idle, etc. that change the behavior of the client when set. AOL
employs a feature "Hide windows while away" that, as its name implies, hides
all windows in AIM while the user is away. However, even with windows
hidden, it is possible for snoopers to view conversation.
If a user sends you a message while you are away, and regardless of "hide
windows" being enabled, the entire conversation between the two parties
becomes readable to anyone with access to the terminal just by clicking the
desired screen name.
Example:
1) 2 users chat...
2) user A leaves, setting away status
3) user B checks with a simple "are you there?" type message
4) upon receiving the away, no further messages are exchanged, as user A has
left
5) someone with local access checks the away queue for info
6) checking each screen name, he/she saves each transcript
7) user A returns, and responds to the message
8) chat continues...
Workaround: Don't use away state, or close all conversation windows
yourself; never use the hide window feature, that is just lazy. :-)
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosureat_private
http://lists.netsys.com/mailman/listinfo/full-disclosure
This archive was generated by hypermail 2b30 : Sun Aug 04 2002 - 19:19:51 PDT