IM-Based Vulnerability - 06/04/02 09:51 PM
A security vulnerability in the windows version of AOL Time Warner's Instant Messanger(AIM)chat application affected millions of AIM users untill the company secured AIM a week after the problem was first publicized. Unfortunatly for AOl and its customers a fix wasnt avalibile when news of the problem first appeared. A teenager discovered the vulnerability- which could have let intruders gain control of users computers- and gave the company little warning before publishing the details and a program thattook advantage of the problem untill potential intruders had already been tipped off. The 19 year old student who discovered the bug defended his actions by saying that he had emailed AOL but never got a response back.
The AOL vulnerability was similer to many of microsofts software problems because it involved a buffer-overrun glitch. (floods a software program with information , eventualy overwhelming it and fooling it into executing any valid commands). In AOL's case, intruders could use the AIM program to take control of user's computers and delete files.
Security analysts expect Instant Message(IM)-based vulnerabilities to surpass email-delivered threats within the next 5 years.
The AOL vulnerability was similer to many of microsofts software problems because it involved a buffer-overrun glitch. (floods a software program with information , eventualy overwhelming it and fooling it into executing any valid commands). In AOL's case, intruders could use the AIM program to take control of user's computers and delete files.
Security analysts expect Instant Message(IM)-based vulnerabilities to surpass email-delivered threats within the next 5 years.