[23691] in bugtraq
Re: AIM addendum
daemon@ATHENA.MIT.EDU (Mark Coleman)
Thu Jan 3 17:17:34 2002
Message-ID: <001901c1949f$64d86a20$52740a0a@sjdf>
From: "Mark Coleman" <mcoleman@uniontown.com>
To: "Matt Conover" <shok@dataforce.net>, "Paul Schmehl" <pauls@utdallas.edu>
Cc: <bugtraq@securityfocus.com>
Date: Thu, 3 Jan 2002 13:41:22 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
AIM fixed? Can anyone confirm?
http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp
Thanks,
Mark C.
----- Original Message -----
From: Matt Conover <shok@dataforce.net>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: <bugtraq@securityfocus.com>
Sent: Wednesday, January 02, 2002 12:00 PM
Subject: Re: AIM addendum
> > The temporary solution you provide would only protect you so long as all
> > the buddies on your list were not compromised. As soon as one buddy is
> > compromised, then you are vulnerable *through* that buddy. Or am I not
> > clearly understanding this exploit?
>
> Yes, which is why in the original advisory we recommended AIM filter be
> installed. This will block the attack from anyone. So only allowing your
> buddies to contact you in addition to installing AIM filter will keep you
> secure until a new version of AIM comes out.
