Re: In regards to the insecurity of AOL Instant Messenger

From: moksha faced (adminat_private)
Date: Tue Aug 06 2002 - 11:15:42 PDT

Next message: Dave Aitel: "SPIKE 2.5 and associated vulns"

Previous message: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
In reply to: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

silly question, but has anyone written a bot using
gaim or jaim?
--- Nick Lange <nicklangeat_private> wrote:
> Trillian allows SSL over AIM protocol [or did allow
> in .72, haven't checked
> the RC1 release yet].
> lICQ allowed SSL over ICQ as well...
> so it's there if you're willing to use alternative
> clients, but most people
> don't.
> nick
> ----- Original Message -----
> From: "Alex Lambert" <alambertat_private>
> To: "Adam Carr" <itsacarrat_private>;
> <vuln-devat_private>
> Sent: Tuesday, August 06, 2002 11:15 AM
> Subject: Re: In regards to the insecurity of AOL
> Instant Messenger
> 
> 
> > > Now my question, is how secure are normal "ims"
> on AIM. How difficult =
> > > would it be to listen to anothers msgs and if at
> all possible, how could
> =
> > > this be fixed.=20
> >
> >        "msgsnarf  records  selected messages from
> AOL Instant Mes-
> >        senger, ICQ 2000, IRC, MSN Messenger, or 
> Yahoo  Messenger
> >        chat sessions." (msgsnarf(8) manpage)
> >
> > AFAIK, none of the above protocols are usually
> encrypted. dsniff
> >
>
(http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz)
> can pick them
> up.
> >
> >
> >
> > apl
> > ----- Original Message -----
> > From: "Adam Carr" <itsacarrat_private>
> > To: <vuln-devat_private>
> > Sent: Monday, August 05, 2002 5:58 PM
> > Subject: In regards to the insecurity of AOL
> Instant Messenger
> >
> >
> > > After seeing the recent emails about the hide
> windows while away =
> > > function while I don't quite understand that as
> a security threat this =
> > > does remind me of other insecurities of AIM and
> some questions I had as
> =
> > > well.
> > >
> > > The first threat to AIM users that I am aware of
> and have tested myself
> =
> > > is under Direct Connects with another user. With
> a targets ip, it is not
> =
> > > difficult at all to intercept the dcc's messages
> and to input your own.
> =
> > > Quite frightening. A simple fix is to change the
> port which AIM direct =
> > > connects on. Seeing as how my explanations are
> not that great I invite =
> > > anyone else who is aware of this to explain that
> flaw in AIM.
> > >
> > > Now my question, is how secure are normal "ims"
> on AIM. How difficult =
> > > would it be to listen to anothers msgs and if at
> all possible, how could
> =
> > > this be fixed.=20
> > >
> > > I know AIM has\had it's share of other
> vulnerabilities so please speak =
> > > up if you know of any. Thanks ...
> > >
> > > Cheers ...
> > > Adam
> > >
> > >
> > >
> > >
> > >
> >
>

Next message: Dave Aitel: "SPIKE 2.5 and associated vulns"
Previous message: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
In reply to: Nick Lange: "Re: In regards to the insecurity of AOL Instant Messenger"
Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Next in thread: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 11:20:22 PDT