AOL AIM gets hacked - users redirected...

javacool · Apr 29, 2002

Couresty of internetnews.com:

AIM Today Gets Hacked
By Bob Woods

Users of America Online's instant-messaging program and system were unwittingly connected to profanity and pornography last Saturday, according to an anti-AOL Web site.
AOL Watch <linked removed because of links on that page to inappropraite content said that malicious hackers -- more accurately known as "crackers" -- inserted profane graffiti, X-rated photos and sound files throughout the "Entertainment" section in AIM Today. The AIM Today feature of AOL's Instant Messenger (AIM) generally pops up when a user first starts the AIM program, unless the user has disabled that feature.

Four separate categories within the Entertainment section were taken over by the malicious hackers, who then went on to post messages in those areas. If an unsuspecting user went to two of those lists, profanity-laced audio messages would automatically play on his or her system. One page even played a song from the rock group Prodigy.

The hack incident itself lasted for more than eight hours before it was removed from AIM Today, according to AOL Watch.

AOL officials were not immediately available for comment on the incident.

While the hack did not appear to affect people who use AIM for instant messaging-based conversations, the incident itself once again brings up the issue of security on the public IM networks. Just last week, an unintended feature surrounding the installation of AIM came to light -- the installation process of AIM on a PC covertly forces Microsoft Internet Explorer (IE) browsers to accept "Welcome to America Online" at free.aol.com as a "Trusted site." Automatically designating the free.aol.com site as a Trusted site allows AOL to install cookies and even run code on a user's PC without their knowledge.

And last January, AOL patched a security flaw in the 4.7 and 4.8 versions of AIM that potentially could have allowed destructive Internet worms to infect AIM's 100 million+ users. Because the patch is a server-side fix, AIM users do not have to download it.

For other security-related IM stories, visit InstantMessagingPlanet's Security archive page.

Bob Woods is the managing editor of InstantMessagingPlanet.

April 29, 2002
Click to expand...

While it is not so surprising that this happened, it does bring up the bigger issue of general IM security.

What would happen if an IM network gets taken over by hackers?
What would happen if those hackers changed the network to send code to exploit those people's computers?
What can we do to protect ourselves, if we use IM programs, from these issues? (Yes, I know about Trillian - but the protocols used by these networks can be a problem too - see below)
Should we lobby someone to have the IM networks increase their security and go over their network code and protocols to make sure the protocols themselves are secure?

Just asking some questions - feel free to answer (or ask more).

-javacool

Log in or Sign up

AOL AIM gets hacked - users redirected...

javacool BrightFort Moderator

Log in or Sign up

AOL AIM gets hacked - users redirected...

javacool BrightFort Moderator

Useful Searches