Microsoft Surrenders IM War, Claims Security Risk
calibanDNS writes "The BBC is running an article about Microsoft surrendering in its instant messaging war with AOL. According to the article, the latest version of AOL's instant messaging software 'blocks interoperability by exposing a very serious security bug in its software.'"
MS would prefer it not be called a surrender, of course; see also the Nando Times article which hints at running arbitrary code on the client. Is this FUD, or will we carry a story next week about a new AOL IM exploit?
The AOL IM actually has a buffer overflow exploit present. Basically whenever an AOL client connected to the server, the server smashed the stack and executed a piece of code that would send a packet back to the server. This let AOL change the authentication on the fly without updating the client. Of course, it also opened up some security holes. This was discussed on bugtraq in August.