[23678] in bugtraq

Re: AIM addendum

daemon@ATHENA.MIT.EDU (Paul Schmehl)
Wed Jan 2 15:35:39 2002

Date: Wed, 02 Jan 2002 13:42:08 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: Matt Conover <shok@dataforce.net>, bugtraq@securityfocus.com
Message-ID: <2082624.1009978928@pc47794.campus.ad.utdallas.edu>
In-Reply-To: <Pine.LNX.3.95.1020102211024.22549O-100000@cannabis.dataforce.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

The temporary solution you provide would only protect you so long as all 
the buddies on your list were not compromised.  As soon as one buddy is 
compromised, then you are vulnerable *through* that buddy.  Or am I not 
clearly understanding this exploit?

--On Wednesday, January 02, 2002 9:17 PM +0300 Matt Conover 
<shok@dataforce.net> wrote:
>
> 2. A temporary solution to this vulnerability is:
>    1. Go to your Preferences
>    2. Go to the Privacy section
>    3. Click "Allow only users on my Buddy List" under "who can contact me"
>
> This will disable the vulnerability because you will appear signed off to
> anyone not in your buddy 3.

Paul Schmehl (pauls@utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
