[14862] in bugtraq

Re: AOL Instant Messenger

daemon@ATHENA.MIT.EDU (Oppenheimer, Max)
Wed May 10 20:44:16 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <009e01bfb9e7$254499e0$0b01a8c0@kplab.com>
Date:         Tue, 9 May 2000 14:48:19 -0400
Reply-To: datatwirl@GIS.NET
From: "Oppenheimer, Max" <datatwirl@GIS.NET>
X-To:         "Daniel P. Stasinski" <daniels@KAREMOR.COM>,
              BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Napster does the same thing -- whenever you get a file off Napster it
displays its full path, or at least it does on Linux versions of Napster
(obviously, it does the same thing with the Windows version, even if it might
not show it)

max
----- Original Message -----
From: Daniel P. Stasinski <daniels@KAREMOR.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Monday, May 08, 2000 2:08 PM
Subject: AOL Instant Messenger


> When sending a file to someone using AOL's Instant Messenger
> program, the entire local path of your file is shown to the
> recipient.  Not only is this an invasion of privacy, it also
> opens the door to known security holes in web browsers where
> access can be gained to specific files provided that you know the
> full path to those files, or guessed file names in that same
> path.
>
> AOL has not responded to my direct reports.
>
> Daniel
>
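
An added example, not part of either message above and not code from AIM or Napster: one way a file-transfer client could strip directory components before advertising a file name to the peer, plus a check for names that still carry path information. The function names and sample paths are constructed for illustration.

```python
import ntpath

# Added illustration; function names and sample paths are constructed.


def wire_filename(local_path: str) -> str:
    """Name to advertise to the peer: the final path component only."""
    # ntpath treats both "\" and "/" as separators and understands drive
    # letters and UNC prefixes, so it strips Windows and POSIX directories
    # alike, whatever OS the client itself runs on. (os.path.basename on a
    # POSIX host would leave a Windows path untouched.)
    name = ntpath.basename(local_path)
    if name in ("", ".", ".."):
        raise ValueError("no file name component in %r" % local_path)
    return name


def leaks_path(advertised: str) -> bool:
    """True if a name about to go on the wire still carries directory info."""
    return ntpath.basename(advertised) != advertised


# Constructed sample paths, one per path style.
SAMPLES = [
    "C:\\My Documents\\taxes\\1999.xls",
    "/home/max/mp3/song.mp3",
    "\\\\fileserver\\share\\notes.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        sent = wire_filename(path)
        print("%-40s leaks=%-5s -> sends %r (leaks=%s)"
              % (path, leaks_path(path), sent, leaks_path(sent)))
```

The same `leaks_path` check applies on the receiving side, where a name containing separators should be rejected or reduced before it is displayed or used to create a file.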
