From: Steven (steven@lovebug.org)
Date: Wed Jul 13 2005 - 15:49:55 EDT
>From what I have seen most of the flaws are generally in the application
itself. There are often bugs in AOL's AIM, GAIM, Trillian and other clients
all of the time. You can just check BUGTRAQ or any other listserv/archive
and see this. It would seem though that sometimes the open source and/or
lesser used applications tend to get their bugs patched quicker.
There have been flaws in the past that have allowed attackers to take over
AIM accounts, find the related e-mail addresses, still yahoo/hotmail
accounts and what not. Obviously these flaws can lead to a compromise of
the instant messaging account but generally have nothing to do with the
protocol or client.
Steven
----- Original Message -----
From: "Chris Griffin" <cgriffin@dcmindiana.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, July 13, 2005 11:05 AM
Subject: Instant messenger's
> Hey List.
>
> I figure this list could be best for this question, since I'd think the
> pen testers
> would be more up to date on spreading vulns.
>
> With all the IM flaws out there, does it more than not, stem from the
> protocol?
> or the actual client?
>
> My main point being, is using GAIM (or any other all in one for that
> matter) for msn, yahoo, aim chats more secure than the "name brand"
> clients?
>
>
> Thanks!
>
>
>
>
>
>
> ------------------------------------------------------------------------
> CONFIDENTIALITY NOTICE:
>
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply and destroy all copies of the original message.
> ---------------------------------------------------------------------------
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:32 EDT