Despite AOL's Claim, AIM Worm Hole Still Wide Open 75
Clown of the month writes "There's a nasty worm hole in America Online's standalone AIM (instant messaging) software that won't be patched until the middle of October. This vulnerability, first reported to AOL by researchers at Core Security more than a month ago, is caused by the way AIM supports the rendering of HTML content via an embedded Internet Explorer server control. AOL coordinated with Core on the release of an advisory, on the understanding that the flaw was patched in the latest beta version. As security researcher Aviv Raff discovered, the underlying vulnerability was never fixed. In the demonstration, Raff simply sent an IM to trigger the launch of the calculator application. The attack scenario works without the target clicking on a link and only requires that the AIM user is logged on and accepting incoming messages."
just use pidgin! (Score:4, Interesting)
People still use AOL-supplied AIM client? (Score:4, Interesting)
Re:People still use AOL-supplied AIM client? (Score:1, Interesting)
This is how the end of software giants begins (Score:4, Interesting)
Today we see people suggesting strongly that users abandon MS's new OS for many reasons. This is the arguably dominant desktop OS across the globe, and they are losing face for nothing more than treating users and customers like idiots.
It won't take long before no one will use AIM, and that problem will go away. Sure, it will still be around on someone's machine somewhere, but that user will die of stupidity soon anyway.
I may sound sarcastic, but I'm not, this is how the end begins. Making stupid mistakes, letting end users suffer, and generally thinking that not creating superior products is necessary. I personally choose to suffer bad driver support or other shortcomings than allow the OS manufacturer spy on my computer use, or worse report it back to someone else.
Google dances around this line quite a lot, but seems to still respect the user, and their privacy. I am seriously hoping that this issue becomes a US Presidential election issue. Privacy, security, and consumer rights where software is concerned. The MS stealth update is nothing more than malware. Commercial companies found guilty of DDoS and other sabotage efforts should be fined, and corporate officers imprisoned.
Yes, I could make the hardware on my desk secure by unplugging the network cable, but I can also make my car safe from accidents if I leave it in the garage. Neither is a suitable answer. Common sense should be applied to this, if your vehicle suddenly stopped getting > 25mpg because you filled the tank with brand X gasoline it would be a case for federal investigations. My computers cost as much as my car, I spend a great deal of money each month on or via my network connection using those computers. It is time that personal liberties and security were treated the same whether it is in regard to computing, or any other activity.
voting with your feet will eventually kill off the AIM client, but it should a case for a fine, if not more that the hole was left open negligently.
Forget installing software...just Meebo (Score:4, Interesting)
Oh yeah, and there's no need to remember multiple account password