borfast Posted August 10, 2004 Posted August 10, 2004 (edited) Since there's a lot of people here using AIM, I thought I'd let you know about this: http://www.infoworld.com/article/04/08/09/HNaolimflaw_1.html Perhaps it's time to switch to a better alternative, like Gaim? Edit: Extra info from a slashdot comment: Unfortunately, the article this story links to has a rather large mistake. It states: However, AIM users would have to click on the URL to trigger the vulnerability, which will make it harder for malicious hackers or virus writers to use it in automated attacks, Weinstein said. This is completely and totally wrong. Any web page can launch URLs of the form aim:goaway?message=Anything+goes+here by many different means without user intervention: * Redirect response codes * Meta redirect tags * Frames * iframes * Javascript popups Any one of those methods will change your away message automatically, without any confirmation on your part. And if the part in the message= section is more than 1024 characters, arbitrary code can be executed on your machine. The only sure way to protect yourself against this is to remove the HKEY_CLASSES_ROOT\aim registry key, which will disable the AIM protocol altogether, as explained here [idefense.com]. Edited August 10, 2004 by TCH-Raul Quote
TCH-Thomas Posted August 10, 2004 Posted August 10, 2004 Might not be security issues but it seems like Gaim needs a lot of patches too. Quote
borfast Posted August 10, 2004 Author Posted August 10, 2004 Thomas, not all of those are security related patches. Besides, when a major security problem is discovered, they release a new version of Gaim. I'm not saying AOL is not going to release a new version of AIM, I'm sure they will. But IMHO, Gaim is a better instant messenger than most others just for the simple fact of being able to communicate through several different protocols, like Yahoo! Messenger, Jabber, IRC, MSN Messenger to name a few Quote
TCH-Thomas Posted August 10, 2004 Posted August 10, 2004 (edited) not all of those are security related patchesI know, thats why I saidMight not be security issues I´d like to add similar replacement/alternative for aol, msn etc Trillian. I dont use it myself, but I heard alot of people here do. Edited August 10, 2004 by Jikrantz Quote
TCH-Rob Posted August 10, 2004 Posted August 10, 2004 I use Trillian, it gets my vote.Thumbs Up I would use Gaim but since Raul uses it I cannot. He is too hardcore for me. Quote
borfast Posted August 10, 2004 Author Posted August 10, 2004 LOL @ Rob Trillian is pretty good, too. Perhaps even better than Gaim, in certain ways. I used to use it before switching to Linux. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.