Results 1 to 2 of 2

Thread: Aim Encryption, MSN security Hole

  1. #1
    Senior Member
    Join Date
    Aug 2001

    Aim Encryption, MSN security Hole

    From: IspWorld

    VeriSign, AOL to Offer Encrypted Instant Messaging

    By Reuters

    REDWOOD CITY, Calif. (Reuters) - VeriSign Inc. VRSN.O and AOL Time Warner Inc. AOL.N on Thursday announced a partnership to offer encoded chat messages through AOL Instant Messenger, the same day rival Microsoft Corp. MSFT.O warned users of a security hole in its own instant messaging service.

    VeriSign will issue security credentials to corporations for authenticating
    employees who want to send and receive encrypted messages over AOL Instant Messenger (AIM), David Gang, a product strategy manager at AOL, said during VeriSign's analyst day.

    Dubbed "Enterprise AIM," the service will go into beta testing before the end of May, Gang said.

    Corporate users represent about 20 percent to 25 percent of AIM's more than 150 million registered users, according to Gang.

    Security concerns about instant messaging and the fact that it is not that easy to save the messages has held back its use in corporations.

    Gene Munster, analyst at US Bancorp Piper Jaffray, was skeptical of the need or demand for encrypted instant messaging, noting that encrypted e-mail isn't even all that common and that AIM is free.

    Earlier on Thursday, Microsoft announced a patch for a security flaw related to its MSN Messenger program that could allow an attacker to have broad access to a victim's computer.
    I think it is great, that such a large company, as AOL, is bring encryption to the masses. Even though it was available before, I'm sure loads of people will think this is a new idea. And wonder why no one thought of it before. heh.

    MSN Messanger Security Hole Information
    From: Silcon
    MSN Messenger flaw opens PCs up to hackers

    Another Microsoft security hole...

    Microsoft has admitted that a security flaw

    in its MSN Messenger software could allow hackers to delete files or cripple a user's computer.

    The flaw enables hackers to exploit a feature that allows chat users in a single virtual location (i.e. a chat room) to exchange text messages in a separate ActiveX-based window.

    Hackers can exploit the vulnerability to impose a buffer- overflow attack, according to Microsoft. Buffer-overflow vulnerabilities allow hackers to execute potentially harmful programs on a victim's computer, deleting files or crippling the system's security.

    Attackers can issue the buffer overflow through HTML email or a malicious website.

    MSN Chat Control, MSN Messenger versions 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6 are affected by the glitch.

    The flaw was found by eEye Digital Security.

    Users can download an updated version of MSN Messenger or Exchange Instant Messenger, or download an updated version of MSN Chat control from the company's chat websites.

    See www.microsoft.com/technet for the security notice.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  2. #2
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    lol.. thats new.. lets see if AOL is willing to spend that much for encrypted messaging..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts