 |
 |
|
 |
|
|||
|
|||
|
|||
|
|
Security group: AIM fix features flaw
By Joris Evers (IDG) -- Software recommended by security group w00w00 to plug a hole in America Online's Instant Messenger opens the user's system to hacker attacks and can direct the user's Web browser to pornographic Web sites, w00w00 says. The security group was the first to publicize the hole in AIM last week, prompting AOL to take action and correct the problem on the server side within a few days. America Online is a sister AOL Time Warner company to CNN.com. In its initial warning, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection, but this software comes with its own security problems, a member of the w00w00 team writes in a posting to the Bugtraq mailing list.
"At the time, Robbie Saunders' AIM Filter seemed like a nice temporary solution. Unfortunately, it instead produces cash-paid click-throughs over time intervals and contains back door code," Jordan Ritter writes. The click-throughs in question direct the user's Web browser to advertisements using Saunders' referral code, generating commission payments for him. Cleaned upW00w00 now offers a cleaned up version of AIM Filter without these security holes, Ritter writes. The problems with the software, designed to block certain AIM functions, were only discovered on January 5 when Saunders released the source code for his filter, Ritter says in the Bugtraq posting, apologizing for the error. AIM Filter creator Saunders says in a statement on his Web site that AIM Filter allows him to remotely obtain a user's Internet Protocol address and AIM build number. It also allows him to shut down AIM Filter on a user's system and open five "embarrassing Web sites," the statement says. The porn Web sites only pop up when AIM Filter is launched, not at time intervals, he states. It's unknown how many people installed AIM Filter. One AIM user in a news group asks w00w00 for more detailed instructions on how to remove AIM Filter. A buffer overflow vulnerability existed in the shared game feature of AOL's Instant Messenger, AOL said on January 2. Attackers could access a users system by exploiting the vulnerability, according to w00w00. |
|
|
||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||
|
RELATED STORIES:
• Security hole found in AOL Instant Messenger
January 2, 2002 • AOL glitch blocks Harvard admissions e-mails January 1, 2002 • FTC OKs four more competitors for AOL cable December 31, 2001 • AOL's Pittman: Net industry remains undaunted December 12, 2001 RELATED IDG.net STORIES:
• AOL patches AIM security hole
(PCWorld.com) • AOL confirms security hole in AIM (PCWorld.com) • AOL denies responsibility for returned Harvard e-mails (Computerworld) • Cybervandalism jumped in 2001 (PCWorld.com) • Exposing Excel's dirty little secret (PCWorld.com) • FBI agency revises XP security alert (PCWorld.com) • Popular file-swap programs contained spyware (PCWorld.com) • Stand by for more nasty Web attacks in 2002 (InfoWorld.com) RELATED SITES:
• America Online, Inc. (AOL)
• w00w00 Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
• Report: SUVs pose danger to cars • New telemarketer tool trumps TeleZapper • Terra Lycos logs $2.2B loss • AOL to offer song downloads • Microsoft seeks fiscal fountain of youth (More) |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
