Acmlm's Board - I2 Archive - Hardware/Software - SECURITY HOLE: AOL Instant Messenger
| User | Post |
neotransotaku
Posts: 1613/4016 |
this only effected AOL Instant Messenger so I do not think it is so bad since AOLIM is much much better than AOL itself... after all, there is no series of patches that will fix up AOL... |
DarkSlaya
Posts: 2415/4249 |
Originally posted by Tarale
Unless I find a new vulnerability, of course.   Hehehe....
If this is like IE, than you'll find some real fast 
But yeah, I guess this Security Hole has been fixed. Hurray for AOHell. |
Tarale
Posts: 698/2720 |
You know, this can probably be unstickied by now
Unless I find a new vulnerability, of course. Hehehe.... |
neotransotaku
Posts: 1318/4016 |
yup...it is pretty much this is why I have now defected from AIM and is now using gaim... |
HyperLamer
Posts: 1492/8210 |
It is more serious than it seems. Imagine you had AIM open and came across this in a webpage:
<script>window.open("aim://goaway[exploit code]")</script>
You're screwed. 
Tarale
Posts: 279/2720 |
It probably is nothing to you, but I wonder how it's going to affect all the users that don't think before they click.. |
Shadic
Posts: 60/304 |
Wait, you have to click on a link?
If I read that right, it's nothing. >.< Just don't click on hotlinks from people you don't trust. |
neotransotaku
Posts: 1195/4016 |
hmm....buffer overrun...don't you love these C vulnerabilities
anyways, i'm not sure if I'm going to change over to a different AIM client and I'm relucant to upgrade past AIM v5.2. Not sure what I'm going to do 
thanks for the tip off |
FreeDOS
Posts: 626/1657 |
Of course, any exploit is serious and shouldn't be ignored...
It's also impossible (almost) to list nearly every AIM clone, or every program that supports AIM . Most probably don't work, some probably haven't gotten past the stage of "Hey, it'll be cool to make my own AIM program!" For myself, I use Gaim, partly because it's more secure than the real AIM, partly because the official AIM client on Linux sucks. |
Tarale
Posts: 262/2720 |
Ah, Surlent, I forgot Miranda, didn't I?
I've used that before too, and I quite like that one as well, and just that little more versatile than Trillian is out-of-the-box too
Course, I don't use Miranda at the moment, I'm using Adium. Fear the duck. |
DarkSlaya
Posts: 1064/4249 |
I used to use AIM but now I use Trillian. I could've been killed if I wouldn't have switched! |
Surlent
Posts: 528/1077 |
Originally posted by Yuri
[...]
If it's not Trillian I use, it's GAIM.
Or just use Miranda IM 
It's very small, hardly uses any system resources and unites ICQ, AIM, MSN and an IRC client.
As for AIM, usually I was satisfied with it (unlike the ICQ stand-alone messenger which sometikes takes ages to load at its start-up), but hearing about these security issues is not too good. Even the firewall cannot prevent these issues, since the required port(s) anyway need(s) to be open and any chat application requires server access |
Ailure
Posts: 4056/11162 |
AOL should make AIM from scratch. You know it's outdated when the folder it's installed in is called AIM95...
I have used Trillian since long time ago. I still use the MSN client seperatly, but just becuse of some of the features it have (which Trillian dosen't support )
If it's not Trillian I use, it's GAIM. |
Tarale
Posts: 261/2720 |
True, but they don't usually announce the danged things a whole lot.  Still, thought it would be fair to warn those that are using AIM. Which incidentally, is not me. |
FreeDOS
Posts: 624/1657 |
Real news would be a version of AIM without exploits. |
Tarale
Posts: 259/2720 |
FYI, there is a "critical security hole" in AOL Instant Messenger. Seeing as so many people here are AIM users, I thought I would pass this on so that you know.
There is an news article here: AOL IM "Away" message flaw deemed critical
and a more specific outline of the problem here: iDEFENSE:
I'm sure most of you use an alternate IM client (ie, Trillian, gAIM, Adium, etc) but for those who are using AOL's AIM client, this is for you. You guys will have to either switch to a different AIM client, or upgrade to the most recent beta available from the AIM site.
Enjoy. |
|
|
