lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000e01c23c23$51e0bcc0$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: AOL Instant Messenger - Away Setting and Snoopers

Yet another reason never to use AOL...

AOL Instant Messenger is used by many millions of people to send and receive
messages in real-time.  It features several "states" for a user, such as
away, idle, etc. that change the behavior of the client when set.  AOL
employs a feature "Hide windows while away" that, as its name implies, hides
all windows in AIM while the user is away.  However, even with windows
hidden, it is possible for snoopers to view conversation.

If a user sends you a message while you are away, and regardless of "hide
windows" being enabled, the entire conversation between the two parties
becomes readable to anyone with access to the terminal just by clicking the
desired screen name.

Example:

1) 2 users chat...
2) user A leaves, setting away status
3) user B checks with a simple "are you there?" type message
4) upon receiving the away, no further messages are exchanged, as user A has
left
5) someone with local access checks the away queue for info
6) checking each screen name, he/she saves each transcript
7) user A returns, and responds to the message
8) chat continues...

Workaround: Don't use away state, or close all conversation windows
yourself; never use the hide window feature, that is just lazy. :-)

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ