
AOL's AIM Forces the Issue

Published by: anonym 2009-01-06

America Online's AOL Instant Messenger (AIM) -- specifically, version 4.7 of the immensely popular IM client -- can be forced into accepting new screen names or other functions from Web sites, e-mails and other venues that can use a specific HTTP tag, according to one IT group. Malicious hackers using the exploit can force users to join any chat room or to change their buddy icons, among other actions.

Mindflip.org says this can be done with the use of the "refresh" HTML tag, along with using the "aim:" http link and some JavaScript. The group's testing shows that this issue affects those people using the 4.7 client on Windows 9x, Me, 2000 and XP, as well as on the 4.5 version of the Macintosh OS9x/X.*. The AIM client available for Linux is not affected, mindflip.org said.

In the most benign effect of using the issue, a person notices that a new buddy or group of buddies has been added to his Buddy List. A Web site using the refresh code can load new buddies into a person's Buddy List in the same way that a user can if they click on a Web page link to do so.

AOL officials were not immediately available for comment on this story. Mindflip.org said it called AOL on the matter a few months ago and was told that the exploit was a feature that would not be removed from 4.7 but modified in future versions of the client. The group said version 4.8 of the client "has been modified to prompt the users when modifications to their (Buddy List) are about to take place."

InstantMessagingPlanet was only able to confirm that the exploit -- run from a mindflip.org test page -- does not work the same on the new AIM 5.0 beta as it does with AIM 4.7. With the 5.0 client, a box pops up asking users to confirm whether they want to add new screen names to their Buddy List.

Interestingly, when we tested the issue from the Web browser in the AOL 7.0 proprietary client, it launched AIM 5.0 beta and asked to add the new screen names to the Buddy List. Mindflip.org said in some cases the AIM client launches automatically when the exploit is run.

More malicious hackers, through the use of refresh, "aim:" links and JavaScript code, can register a new screen name to a person's AIM client and force that user to log on with the new name, mindflip.org says. Other possible forced actions include:

  • Launching and forcing users to join any chat room, including sexually oriented rooms
  • Setting the buddy icon (think possible pornographic icons here)
  • Automatically fetching a file from another AIM user -- generally, a user will receive a warning about this unless that feature already has been disabled

Also, as unscrupulous marketers can use the issue to force their own screen names onto Buddy Lists, they can force users to view marketing messages without giving them the option to decline them -- because that marketer is already on the person's Buddy List.

"With the use of a little JavaScript...one could potentially force many behaviors with one page load," mindflip.org says.

Of course, any and all new screen names can be deleted from a Buddy List once they're added by this issue. This can be problematic, though, for people who have hundreds of screen names on their list.

One way to partially avoid this issue is to download and use AOL's new version 4.8 of its client. At least then the user has the opportunity to decline the changes being made to a Buddy List.
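
As an added example (not from the article or from mindflip.org), the Python sketch below scans a page's HTML for the combination described above: an "aim:" target reached through a refresh tag, an auto-loading element or script, as opposed to a link the user has to click. The list of auto-loading attributes, the script heuristic and the sample page with its placeholder "aim:" action are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs a browser loads on its own, with no user click.
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("img", "src"),
             ("embed", "src"), ("object", "data")}

def is_aim(url):
    # Browsers tolerate leading whitespace and mixed case in the scheme.
    return re.sub(r"[\x00-\x20]+", "", url or "").lower().startswith("aim:")

class AimTriggerScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (kind, line, detail)
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=<target>"
            m = re.search(r"url\s*=\s*['\"]?(.*)", a.get("content", ""), re.I)
            if m and is_aim(m.group(1)):
                self.findings.append(("auto:meta-refresh", line, m.group(1)))
        for name, value in a.items():
            if (tag, name) in AUTO_LOAD and is_aim(value):
                self.findings.append(("auto:" + tag, line, value))
        if tag == "a" and is_aim(a.get("href")):
            # A plain link needs a click, the behaviour AOL called a feature.
            self.findings.append(("click:link", line, a["href"]))
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Heuristic: a quoted aim: string inside a script block.
        if self.in_script and re.search(r"['\"]\s*aim:", data, re.I):
            self.findings.append(("auto:script", self.getpos()[0], "aim: literal"))

def scan(html):
    parser = AimTriggerScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the aim: action and name are placeholders.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=aim:placeholder-action?name=EXAMPLE">
<script>location.href = "AIM:placeholder-action?name=EXAMPLE";</script>
</head><body>
<a href="aim:placeholder-action?name=EXAMPLE">Add me</a>
<iframe src=" aim:placeholder-action"></iframe>
<a href="http://example.com/aim:info">docs</a>
</body></html>"""
```

Findings whose kind starts with `auto:` are the ones that fire on page load; `click:link` entries are ordinary links that only act when the user follows them.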

Bob Woods is the managing editor of InstantMessagingPlanet.

