Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Instant Messenger Remote Hole

Posted by michael on from the makes-remote-administration-easier dept.

The DSL Guy writes: "The non-profit security team w00w00.org started off 2002 by uncovering a serious flaw in AOL's Instant Messenger protocol. With over 100 million people registered on the AIM service, this vulnerability poses a serious security risk for Internet users worldwide. This flaw can enable remote users to execute code on any machine logged into the AOL IM service. "So easy to hack, no wonder it's number one!" Details can be found at the w00w00 site."

9 of 343 comments (clear)

  1. You have mail! by Monte · · Score: 3, Funny

    ...and now everyone has your mail!

  2. Re:Why not wait a day? by GTRacer · · Score: 3, Funny
    Maybe what they meant was:

    If we had tried to co-operate with AOL they would have tried to quash all public disclosure (including sploits). Therefore, we are disclosing now and expect them to run around like deranged monkeys trying to figure things out. Thank you and good day.

    Or maybe they just hate AOL like I do and want to make them squirm...

    GTRacer
    - No AOL on my IP-enabled PS2, THX!

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
  3. Now they need a sound to go with their IM by A_Non_Moose · · Score: 5, Funny

    How about the "you got mail" dude do one that says "j00 g0t 0wN3D"!

    One of Many Instant Messenger Exploits (MIME for short), I'm sure.

    {if you are going to assinate a Mime, would you use a silencer?}

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  4. It couldn't be... by iiii · · Score: 4, Funny
    It couldn't be, because
    AOL is deeply committed to your security. We use state-of-the-art technology to keep your personal information as secure as possible. We also have put in place privacy protection control systems designed to ensure that the personal data you share with AOL is safe and private. In addition, AOL keeps your password strictly confidential, and all authentication for the Service is performed on AOL's secure servers. Sites participating in the Service may not collect or store AOL password information.

    From this site.

    --
    Light cup, beer drink, thin so chain, neck turtle fat, man I won't say it again
  5. Re:Warnings by Havokmon · · Score: 4, Funny

    One of ICQ's was a login buffer overflow. Basically if you used licq or a NON-Mirabilis version, you could login as anyone just by using a password longer than 15 chars (IIRC).

    Ok so I used it once to send two of my coworkers homo "I like to watch your ass" emails from each other...

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
  6. Heh... first hack... by tcc · · Score: 4, Funny

    Change that annoying incomming Email .wav file...

    "You've got nailed"

    --
    --- Metamoderating abusive downgraders since my 300th post.
  7. w00w00? by fobbman · · Score: 4, Funny

    "The non-profit security team w00w00.org..."

    Oh, so the 1337 are going the non-profit route? Nice to see that they are going somewhat legit here, but are we going to see mass-defacement support drives once a month looking for donations, a la PBS? Are they going to only release their best exploits during these fund drives? And how much do I have to donate to get reach the benefactor level where I get the "Bill Gates unrestricted Amex card" number as a gift of thanks?

    More importantly, did Microsoft "give generously" during the "Here's how to hack AIM" episode of "Sesame Street"?

    "Today's Sesame Street was brought to you by the letters M, S, N, and the number 1."

  8. Not to be really dark and evil, but... by Brendan+Byrd · · Score: 2, Funny

    I'd love to see an I-Worm do this! It could scan for words like "Confidential", "payroll", "affair", "fired" and send e-mails to random people with copies of the message.

    Marriages would be broken.
    Important MS memos would be leaked.
    VPs with high salaries would be exposed.

    Oh, if I had the balls to write such things...

    --
    Zodiac Survey
  9. Re:So do the work in a civilised country by elmegil · · Score: 2, Funny

    So that when you come to the US you can be arrested by the Feds, held for a while, and then released. Good plan if you never want to visit the States....

    --
    7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001