Did they get hacked ? If you find a news article, please post it im curious, nobody could sign in for like 30 or more minutes tonight.....
Printable View
Did they get hacked ? If you find a news article, please post it im curious, nobody could sign in for like 30 or more minutes tonight.....
Yea, it was weird, the only people who weren't kicked off were on Mobile phones. I was talking to Jehn from here on AO and he said he heard something about a DDOS or something. I don't have anything like links though to confirm it and since it just now happened I don't think there are any yet.
It's sort of funny, my buddy list is gone except for him lol. Ah well, ex GF was hassling me anyway.
Yeah, I went down too, and trillian really wigged out for a while. The buddy list wouldn't show up on Trillian, but GAIM picked it up just fine. Now Trillian's back to normal. However, I'm having problems with ICQ as well...
My AIM booted me and I couldnt log back in for maybe 10 minutes, but all is good now.
Yeah my buddy list was gone too, i just loaded the saved one i had.....
Nothing here yet...
http://www.runabot.com/aimnews/
Aim Expressions and AIM hacks at AIMnews.com
I don't understand the drive people have to use a means of communication that goes directly through an 'evil' companies servers for violation checking, logging, and similar. It isn't even encrypted unless you enable 3rd party encryption programs that will only ever work with other 3rd party encryption programs. Hell, not even gaim encryption is compatible with trillian encryption.
So, what's the point? Why not go to IRC, SILC, or some protocol that runs through a server you can trust?
Because most of our friends, I suspect, are not IT, security minded, or AOL haters to any real degree, so if we switched to IRC, we would be doing so alone. I know personally, that vast majority of my friends are on AIM, so that's what I'm "stuck" with, else my other option is to upgrade to new friends. ;)Quote:
So, what's the point? Why not go to IRC, SILC, or some protocol that runs through a server you can trust?
So my question still remains. Just because it is easier, do you trust AOL and Yahoo enough to use such an untrustworthy protocol? I wouldn't. I would do the honor of showing my friends how simple Xchat for windows/linux was, and direct them to a friendly and trustworthy server.
One of the huge losses of personal privacy is because people feel the better solution is too difficult. Well, IRC is a peice of cake and setting up your own IRC server is just as simple. Create your own IRC server or join one you trust, and invite your friends. They get away from a protocol that may endanger them (fraud, spam, exploits based on a closed source protocol, continual battling between the official client and 3rd party workarounds) and you get to go on a protocol more flexible to your security minded self.
An excellent point, and one we should continually endeavor to counteract.Quote:
One of the huge losses of personal privacy is because people feel the better solution is too difficult.
Geez, you just totally shot down my point. :p
Well i have over 100 females on my AIM buddy list, and trust me they wouldn't switch to IRC. Half of them don't even know how to change their AIM icon, come to think to expect them to learn to use IRC.
Yeah, but not all of us are p1mps0rs, so that's not much of an issue. :D
I personally use AIM for the same reasons that AngelicKnight does and that is, my friends use it and most of them arent that technically savy. I think you would have to be moronic to talk about something that you thought should be confidential over any messaging service such as these. How well can you trust your ISP not to look and attempt to crack your encryption?? If you have confidential things you need to pass then worry about secure chat or secure connections. I personally dont really talk about too many things on AIM or any other messaging service that I would need to worry about someone seeing
So why not leave them? Why stay on a protocol, period, that isn't safe? You have email communication, forum communication, and teaching them irc would take 3 steps:
1. Download this program and install it. Now run it.
2. Type in (since there is only one area to type in) /server blah.foobar.com
3. Type in /join blahblah
The rest is completely optional, from nick registering to /me, and stuff that will be caught on later regardless due to how many others would be using it. AIM would actually take more steps since a password AND username is required (and avaliable).
Just because showing some of them may seem like a hard thing, give them a bit more credit. You could write up a 3-4 step tutorial that would easily explain things in way that would have them connecting to your server without any problem. Even for end-users.
Don't fall behind and place your communications in a company you don't trust or appreciate just for the sake of people who are going to end up being your weak link in the security chain. Teach them. I don't care if they think it is hard. The world isn't going to become any safer from crackers and exploits if everyone looks at the end users as "it's not worth it because they won't get it anyways lololol".
See what I mean?
And plus:
AOL has updated it's AIM terms of service to remove any hint of privacy in your AIM messages and anything having to do with AIM. "...by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy." Very sad news indeed. They clearly do not care about you or your privacy in AIM.
http://www.runabot.com/aimnews/
Another solution to this too, is use Jabber. You can set up your own jabber server and configure it pretty much anyway you want. I'm not sure if you get all the nice frilly features like webcam and voice chat, but I know it can be tailored very nicely to your individual preference. Another good part is that most of your multi-protocol clients like GAIM and Trillian have Jabber capabilities already. One thing i've learned, is that better isn't always best. Some people just don't care, and would rather have the standard interface. I personally suffer from a conflict of interest, with Yahoo's standard client. I love the features and performance of GAIM, but i like the Imvironments and the sounds that come with the standard client. It's all about features.
The problem with jabber is that it is still following the same ideas as most personal communication protocols, and thus suffers from the same "popularity" bugs that AIM/Yahoo does.
http://arch.jabber.com/archives/2004/05/000100.html
Jabber spam, jabber fishing. Even with your own server you have very little control over content and abuse. especially since a LOT of non-tech users register with the service and release their information to buisnesses offering "jabber" improvements. Once again, jabber suffers from content control.
This is a public communcations area, the internet, and a public communications protocol is only asking for trouble. IRC, SILC, and similar are community controlled protocols that allow proper content control combined with security, all on the whim of yourself. From registered information requirements or not, to banned words or not, you have the finer control versus pming someone over a server that is not within your complete control.
And what good are features if they leave you insecure and unprotected on a network you can't trust or have full control over? If that same idea was applied to operating systems on these forums, the world would end and everyone would walk away with 600 negative points.
A webcam I'm sure is a great feature, but not when the Yahoo servers have complete legislation and copyright over the content you are sending through their servers.. and thus subject to data backup recording, monitoring, and man-in-the-middle manipulation attacks. Just doesn't make sense guys. You either want the internet to become more secure over time and thus take the extra step to get it there, or you don't care about it and thus won't spend time teaching and improving it.
I don't understand why you all immediately think it is hacking. The more likely cause of an outage is maintenance, hardware failure, etc.
I believe only a couple mentioned hacking. Then we just got off on a tangent. :DQuote:
I don't understand why you all immediately think it is hacking.
Because this is a security forum, not a hardware forum :) And thus when we generally address issues we are looking at it from a security perspective, and thus will refer to security perspectives. We all know hardware outages happen, that's obvious. But we are also not in a hardware failure-based forum.
Like a baseball club talking about baseball, when we mention examples in baseball it is obviously because we are a baseball club. Even if blackeyes can happen mostly from self accidents and fights, the blackeyes we are referring to happen from a stray ball.
Security vs. Usability.
Aim has buddy icons, a profile, away messages, and an easy install. Everyone uses it and everyone is familiar with it. "What's your screen name?" only means one client right now. If we encourage an IM revolution, people would be afraid of having 6 clients for each protocol trying to duke it out.
I can see it now:Quote:
"I think you should use silc."
"Can I keep my buddy icon?"
"No, but your messages can't be intercepted and your client is less likely to be exploited"
"But my buddy icon says Diva on it... :("
Quote:
Originally posted here by guardian alpha
Because this is a security forum, not a hardware forum :) And thus when we generally address issues we are looking at it from a security perspective, and thus will refer to security perspectives. We all know hardware outages happen, that's obvious. But we are also not in a hardware failure-based forum.
Like a baseball club talking about baseball, when we mention examples in baseball it is obviously because we are a baseball club. Even if blackeyes can happen mostly from self accidents and fights, the blackeyes we are referring to happen from a stray ball.
I'm sorry, but that is about the dumbest reply I've read. Security also has to do with maintaining availability of your systems and data. When a system goes down one of the first things you should check is if it was a known outage (planned downtime or maintenance) or if it was possible hardware failure.
Once again, for the thicker skulled, we are all aware of security procedures and CERT protocols.
But it remains that there is a difference between AIM insecurity protocols and a NIC card failing. In fact, we talk about the first one and the latter isn't mentioned anywhere in this thread. If we were talking about hardware related events (AIM insecurity related to packet filtering has NOTHING to do with hardare failure) then I would welcome your comment. Otherwise right now it just seems like you've had a bad day and want to take it out on someone :) Sorry, wrong forum for that.
I haven't had a bad day. I'm pointing out a flaw in your (not you specifically...the thread as a whole) troubleshooting procedures and theories. The more common and plausible explanation is maintenance, hardware failure, etc. Not all service outages are hacking.
The thread (before it got threadjacked) was about a disruption in aim service. That is where my post fits in.
And by no means is everyone here aware of security procedures and cert protocols.
Ah, I get what you mean now :) Thought you were trying to combat the idea that AIM exploits and fishing scams were hardware related. However now that I get your point, I will agree with you. Actual server/workstation failures are usually going to be hardware failures/spyware overflow rather than a common-day hack.
A lot of people think hacks are often the primary cause of server failure, but are rare amoung the cause of real server errors. Maybe we can continue this fork of the discussion in another thread or PM, so we don't derail the origonal conversation any further than I've done lol
We were referring to the literal security within AIM, not aim server disruption. Moreso the client-side of how and why the AIM protocol is insecure rather than why the AIM server may be down.Quote:
disruption in aim service.
Yeah, I saw what it turned into. Next time I'll add a reference to the specific posts (in this case the first one) in the thread that I am replying to. That should cut down on the confusion.
Oh great................the mighty Juridian has pontificated...................understand his words you mighty and despair..............
Your opinion of others' intelligences are probably irrelevant to most members...............certainly to the cognoscenti...............Quote:
I'm sorry, but that is about the dumbest reply I've read. Security also has to do with maintaining availability of your systems and data. When a system goes down one of the first things you should check is if it was a known outage (planned downtime or maintenance) or if it was possible hardware failure.
So where is CHSH now that I have challenged?..............and who gave you all those points?............I guess there are one or two alliances that have not been weeded out?
:mad:
What have you actually achieved in your life so far?
I gave them to him. He, like Catch, get negged because people don't like his attitude. Just like I do.
Hey Gore...................are Catch, Chsh and Juridian the same people? or just at the same college or what?
Na, Catch isn't at a college, Chsh is in Canada, and Juridian is .... I don't know never asked him. But all of them get reamed for attitudes even though they are one of the first people asked when something happens and someone needs help.
I've been in huge arguements with all 3 so it's not a favoritism thing, but I know exactly what the whole negged for your opinion / attitude thing feels like, I get it all the time. Chsh and J both have a sense of humor, but people miss it because they think they are being arrogant or something. Try reading what they say differently. You'll find humor.
-Loving BOFH.
Nihil: No. Catch, chsh and Juridan are 3 seperate individuals.
I don't see the justification to move to IRC or other IM as valid since they also use clear-text and since they may also have suspect types viewing their server information (moreso on IRC servers since they aren't necessarily run by "ethical people" and would more likely violate your privacy on whims).
IMO, it's not the protocol or the server that is questionable but rather the person at the other end. I have no way to verify that the person is going to keep the conversation private nor do I know that it is in fact them. For my personal purposes I use Secway with my MSN, which when talking with friends I can verify it's them through a PKI setup and ensure encryption (AES-128/RSA-2048) to the server in question.
Lastly, last time I checked security involved CIA (Confidentiality, Integrity and Availability). If a hardware failure occurs or some other system outage, I'd believe it would involve availability of the CIA.
But that's my point of view.
Quote:
Originally posted here by nihil
Oh great................the mighty Juridian has pontificated...................understand his words you mighty and despair..............
Your opinion of others' intelligences are probably irrelevant to most members...............certainly to the cognoscenti...............
So where is CHSH now that I have challenged?..............and who gave you all those points?............I guess there are one or two alliances that have not been weeded out?
:mad:
What have you actually achieved in your life so far?
Actually, I wasn't insulting his intelligence...I just said that reply was dumb. It turns out we were just talking about two different things as you could have found out if you had read further (or maybe your comprehension is off?).
I go the points from gore, sec_ware, and guardian alpha himself. We discussed things, found our communications problem, and both look forward to further discussions.
nihil, you can look for conspiracy all you like, but as with most things the simplest explanation is the best and most likely. You're just a turd.
I tend to agree with MsMittens on the hardware failure/availability part. My guess on the AIM outage really does fall down to either planned maintenance, emergency maintenance or hardware failure such as a critical router suddenly going bad (happens all the time).
Who knows, it may have been hacked and it took them the 30 mins or so to swap over to a back up environment or take action with whatever incident handling procedures they have set up. I just think it is less likely.
Just check the profile...hehe. =)Quote:
Originally posted here by gore
Na, Catch isn't at a college, Chsh is in Canada, and Juridian is .... I don't know never asked him. But all of them get reamed for attitudes even though they are one of the first people asked when something happens and someone needs help.
-Loving BOFH.
Personally, I think AOL is junk in every aspect. I remember when ICQ was very handy, usefull, and enjoyable. Once AOL took it over I refused to even have it installed on my box. The only reason I even have AIM is to talk to people less fortunate than me who have to use AOL as their ISP, and because it does have its slight advantages.
I can remember in 2000 on july 4th, there was a list of 300 email servers, but thats a different story to tell.
Point being, AOL sucks.
As a follow-up to my link on page one...more news about AIM and AOL...
http://www.eweek.com/article2/0,1759,1775649,00.asp
AOL's Terms of Service Update for AIM Raises Eyebrows
still no word on what happened.
Since they claim all rights to it, I wonder how that holds for their legal responsibility for it? So the next time someone tries to sue them over what their users are doing, are they now accountable?