Slashdot Mirror


AOL IM 'Away' Message Security Hole Found

thedude13 writes "Infoworld is running a story about a major security hole in AOL® Instant Messenger(TM) and how it handles away messages. AIM is vulnerable to a buffer overflow via the auto-response away message mechanism. Yet another reason to switch to, IMHO, a better client such as gaim."

9 of 284 comments

  1. more buffer overflows by RLW · · Score: 5, Insightful

    When are we going to learn to incorporate bounds checking into everything? We have the CPU cycles.

    1. Re:more buffer overflows by bs_testability · · Score: 3, Insightful

      I'm not having any more luck getting developers to incorporate self test, bounds checking,
      and testability access points than I am trying to get my kids to eat vegetables.
      Even tying bonuses to it motivates few.

    2. Re:more buffer overflows by pjt33 · · Score: 3, Insightful

      When everyone uses Java or OCAML rather than C(++).
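RLW's call for bounds checking everywhere, and pjt33's reply, in working code. This is an added example and is not code from the Infoworld article, from AOL, or from any of the commenters: a hypothetical IM client routine that copies a peer-supplied auto-response message into a fixed-size buffer, shown first in the unchecked form behind this class of bug and then with the length check in place so an oversized message is rejected instead of written past the buffer. The buffer size AWAY_MSG_MAX, the function names and the sample messages are constructed for the example and say nothing about AIM's real code or limits.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size buffer a client might use for an incoming auto-response
   (away) message. The size is an assumption for this example. */
#define AWAY_MSG_MAX 256

/* "Before": the pattern behind this class of bug. The destination size
   is never consulted, so a message longer than the buffer overruns it.
   Kept only for contrast; it is never called in this example. */
void away_copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);            /* no bound on the length of src */
}

/* "After": the source length is checked against the destination before
   anything is copied. Returns 0 on success, -1 if the message plus its
   NUL terminator would not fit; on failure dst is left empty rather than
   partially filled, so the caller never sees a half-copied message. */
int away_copy_checked(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    if (dstlen == 0)
        return -1;
    if (srclen >= dstlen) {      /* must leave room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

/* Builds a constructed message of srclen 'A' bytes and reports whether
   the checked copy accepts it into an AWAY_MSG_MAX-byte buffer
   (1 = accepted, 0 = rejected). */
int away_message_fits(size_t srclen)
{
    char buf[AWAY_MSG_MAX];
    char *msg = malloc(srclen + 1);
    int rc;

    if (msg == NULL)
        return 0;
    memset(msg, 'A', srclen);
    msg[srclen] = '\0';
    rc = away_copy_checked(buf, sizeof buf, msg, srclen);
    free(msg);
    return rc == 0;
}

int main(void)
{
    /* Constructed inputs: the largest message that fits, the first that
       does not, and one far over the limit. */
    printf("255-byte message accepted: %d\n", away_message_fits(255));
    printf("256-byte message accepted: %d\n", away_message_fits(256));
    printf("4096-byte message accepted: %d\n", away_message_fits(4096));
    return 0;
}
```

The check costs one comparison per message, which is the point RLW makes about having the cycles to spare; the design choice worth noting is that a rejected message leaves the buffer empty and returns an error the caller must handle, rather than silently truncating, so the client can log or drop the oversized response.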

  2. Jabber & Google by MarcoPon · · Score: 3, Insightful

    I just hope that Google launches a Jabber-based IM system; it will be a major boost to the adoption of Jabber's servers as an open standard.
    It could also be seamlessly integrated with GMail, using the same id both as the e-mail address and as JID.

    Bye!

    --

    SeqBox
  3. Re:Major erratum in article by shird · · Score: 3, Insightful

    And, ahem, how do you get to that launch page in the first place? magic?

    It's not as if anyone can just post a meta-refresh onto the front page of google. A page/server would have to host that javascript/iframe/redirect/etc and you would have to convince someone to visit that in the first place.

    Sure, you can use social engineering to get people to visit mysite.com/hack.htm or whatever, but that's exactly what the article is saying - you need to manually visit a malicious page in the first place.

    --
    I.O.U One Sig.
  4. Re:gaim Bug by gtaluvit · · Score: 4, Insightful

    October of 2003 wasn't "just found" not to mention you have to install a plugin that doesn't come with gaim by default. We're talking default configuration on windows compared to a nonstandard configuration on some OS. Apples and oranges.

    --
    - gtaluvit (prnc. GOT-tuh-LUV-it)
  5. Re:Major erratum in article by Ieshan · · Score: 3, Insightful

    Right, because no one who uses AOL Instant Messenger ever visits websites without trying.

    Seriously, a combo exploit that affected webservers and AIM would net not only thousands of servers but thousands upon thousands of PCs. Individual PCs with no services are difficult to infect by worm with even the most minimal security settings; this would tank thousands of PCs because people are so naive when it comes to the 'net. AIM has always been "safe", they don't want to listen to how it might be "dangerous".

    Of course, AOL can push out an update to the client tomorrow, and as long as the next version has more flashing lights, people will download it right away.

  6. Gaim works by DrYak · · Score: 5, Insightful

    that they should use bug-ridden software is the wrong way to get them to like it. Gaim is only in version 0.81. Wait till it hits 1.0 before telling people to use it.


    {tongue in cheek mode:ON}
    Apparently you have no idea what Open Source Software is either
    {/tongue in cheek mode:OFF}

    More seriously: unlike proprietary software, open-source software whose version number is less than 1.x usually means more "warning: not all the cool functions you would like to see are implemented yet" rather than "this software is an experimental piece of crap that will keep crashing your OS; please wait until we get out of the beta stage before testing it, unless you back up your data often".

    Personally I've been using Gaim since version 0.5x, both under Linux at home and under Windows at work, and I can say: it's pretty stable. I've been telling my brother and my friends about it and they are happy too.
    The only reason it hasn't reached the 1.x milestone isn't because of the bugs, but because there are some features it's still missing (mainly: some kinds of file upload are missing, although things are a lot better since 0.80; support for webcams, etc.)

    This is a common misconception, and a lot of newbie users can be heard complaining "Linux distro sucks, it's only full of bug-ridden software: everything is version 0.xy"

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  7. Gaim not a full-featured alternative by mccalli · · Score: 3, Insightful

    The smug "switch to Gaim" comment rather let the side down there, I think. Gaim is not a full-featured replacement. The particular deficiency I'm referring to is common to many alternative IM clients - yes, they all handle chat but very few go the whole hog and support video chats. Alternative MSN client supporting video? Not that I can find, though I'd be happy to be proved wrong here.

    A quick search reveals a fork of the Gaim project here, which, err, aims to add video functionality. Looks good from the shots, though I haven't tried it myself.

    The point of this is that people should think things through before just spouting off the top of their head. It doesn't help to have people say "yeah, use this free alternative!" and then have people turn round and say it doesn't work. I'd love to recommend a non-AOL AIM client to people, but until AV is handled I simply can't. Same for MSN - all very nice for text and file transfer, but not up to scratch for the advanced functions yet.

    Cheers,
    Ian