Despite AOL's Claim, AIM Worm Hole Still Wide Open 75
Clown of the month writes "There's a nasty worm hole in America Online's standalone AIM (instant messaging) software that won't be patched until the middle of October. This vulnerability, first reported to AOL by researchers at Core Security more than a month ago, is caused by the way AIM supports the rendering of HTML content via an embedded Internet Explorer server control. AOL coordinated with Core on the release of an advisory, on the understanding that the flaw was patched in the latest beta version. As security researcher Aviv Raff discovered, the underlying vulnerability was never fixed. In the demonstration, Raff simply sent an IM to trigger the launch of the calculator application. The attack scenario works without the target clicking on a link and only requires that the AIM user is logged on and accepting incoming messages."
Re:just use pidgin! (Score:4, Insightful)
Just kick the big one, go gaim. (Score:1, Insightful)
Re:just use pidgin! (Score:5, Insightful)
Re:This is how the end of software giants begins (Score:2, Insightful)
You won't see any of that happen until it hits home for a couple of the high ups in government, if their data gets stolen big deal its tax payers who foot the bill , but if some one steals their identity and ruins their life for a couple months maybe something will change.
Re:People still use AOL-supplied AIM client? (Score:3, Insightful)
Re:People still use AOL-supplied AIM client? (Score:3, Insightful)