From: IspWorld

VeriSign, AOL to Offer Encrypted Instant Messaging

By Reuters
05/10/02


REDWOOD CITY, Calif. (Reuters) - VeriSign Inc. VRSN.O and AOL Time Warner Inc. AOL.N on Thursday announced a partnership to offer encoded chat messages through AOL Instant Messenger, the same day rival Microsoft Corp. MSFT.O warned users of a security hole in its own instant messaging service.


VeriSign will issue security credentials to corporations for authenticating
employees who want to send and receive encrypted messages over AOL Instant Messenger (AIM), David Gang, a product strategy manager at AOL, said during VeriSign's analyst day.

Dubbed "Enterprise AIM," the service will go into beta testing before the end of May, Gang said.

Corporate users represent about 20 percent to 25 percent of AIM's more than 150 million registered users, according to Gang.

Security concerns about instant messaging and the fact that it is not that easy to save the messages has held back its use in corporations.

Gene Munster, analyst at US Bancorp Piper Jaffray, was skeptical of the need or demand for encrypted instant messaging, noting that encrypted e-mail isn't even all that common and that AIM is free.

Earlier on Thursday, Microsoft announced a patch for a security flaw related to its MSN Messenger program that could allow an attacker to have broad access to a victim's computer.
---------
I think it is great, that such a large company, as AOL, is bring encryption to the masses. Even though it was available before, I'm sure loads of people will think this is a new idea. And wonder why no one thought of it before. heh.
---------

MSN Messanger Security Hole Information
From: Silcon
MSN Messenger flaw opens PCs up to hackers


Another Microsoft security hole...





Microsoft has admitted that a security flaw

in its MSN Messenger software could allow hackers to delete files or cripple a user's computer.

The flaw enables hackers to exploit a feature that allows chat users in a single virtual location (i.e. a chat room) to exchange text messages in a separate ActiveX-based window.

Hackers can exploit the vulnerability to impose a buffer- overflow attack, according to Microsoft. Buffer-overflow vulnerabilities allow hackers to execute potentially harmful programs on a victim's computer, deleting files or crippling the system's security.

Attackers can issue the buffer overflow through HTML email or a malicious website.

MSN Chat Control, MSN Messenger versions 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6 are affected by the glitch.

The flaw was found by eEye Digital Security.

Users can download an updated version of MSN Messenger or Exchange Instant Messenger, or download an updated version of MSN Chat control from the company's chat websites.

See www.microsoft.com/technet for the security notice.