

AOL Instant Messenger Bug


X-RDate: Wed, 25 Feb 1998 13:14:54 +0500 (ESK)
Date: Tue, 24 Feb 1998 15:02:32 -0600
From: Aleph One <[email protected]>
To: [email protected]
Subject: AOL Instant Messanger Bug

http://www.news.com/News/Item/0,4,19409,00.html?latest

                Student finds AOL bug
                By Janet Kornblum
                Staff Writer, CNET NEWS.COM
                February 24, 1998, 4:35 a.m. PT

                A 14-year-old high school student from
                Tampa, Florida has discovered a bug in
                America Online's (AOL) Instant Messenger
                (IM) system that could be used to
                surreptitiously send malicious computer
                code to Internet users of the IM system.

                AOL confirmed that there was a problem and
                is working on a solution, AOL spokeswoman
                Wendy Goldberg said.

                Although it is unclear if anyone has actually
                ever used the program to cause harm, like
                most bugs, the problem is that they could if
                they wanted to do so, said Stephen
                Hemingway, the high school freshman who
                discovered the bug.

                "I don't think anyone's used it yet but
                somebody could stumble across it very
                easily," he said.

                Hemingway said he was studying the IM
                program when he came across some
                interesting code: It looked strikingly similar
                to an Internet Explorer buffer overflow bug
                that he had read about earlier.

                That's when he realized that sophisticated
                users on AOL could use the IM client to send
                bugs or other code, including very small
                viruses, to unsuspecting Netizens.

                So Hemingway used the program to send
                himself some code that would jam his
                computer. It worked.

                Bill Mattocks, proprietor of Computer
                Solutions, a small ISP in Kenosha, Wisconsin,
                also tested out the bug for NEWS.COM.

                Mattocks inserted random code into the
                program where Hemingway had indicated it
                could be done and sent it to his IM account
                on the Internet from his AOL account.

                The program, he said, "immediately
                generated an internal error and crashed.
                Windows 95 itself became unstable minutes
                later and the entire machine crashed, as
                well."

                Hemingway also said he was able to make his
                computer crash. Theoretically, the program
                could be used to send a small virus--less
                than 1,000 bytes large, Hemingway said.

                "I actually tried to infect myself with a virus to
                see if it was possible but I was unable to find
                a virus small enough," he said. "I didn't
                particularly like the idea of giving myself a
                virus anyway."

                While it is well known that malicious users on
                AOL, some of whom refer to themselves as
                hackers and many of whom are teenagers,
                like to try to jam up other users also using
                the system, their exploits have largely been
                confined to the AOL proprietary system.

                And while AOL, which has 11 million
                members, is often the center of criticism,
                public reports of software bugs, fairly
                commonplace for other software developers,
                are actually fairly unusual for the online
                giant. Most of AOL's software, however, is
                aimed at its own users on its proprietary
                system.
