Re: [Fwd: Re: AIM Password theft]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Fwd: Re: AIM Password theft]
From: DarkKnight <mbuzz04@xxxxxxxxx>
Date: 24 Sep 2003 18:59:48 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <3F7077FE.70303@xxxxxxxxxxxxx>

That method of stealing was taken from my website, "counter" is used to trick 
users into thinking that the script is just for a counter, but in reality it is 
just the object vulnerability. Anyways, AIM will do nothing to fix this. Why? 
Because it is not a vulnerability within AIM, nor is it really there problem. 
Prevention-

1. Do not save passwords
2. Delete registry data (only if you use test buddy [staff aim], the passwords 
are in plain text)
3. Get a firewall
4. Update/Get a Virus Scanner
5. Get an IE patch

Do the above and you will be A-Okay, AIM-wise and all around security wise.

- DarkKnight (of http://www.insecureonline.com)

Follow-Ups:
- Re: [Fwd: Re: AIM Password theft]
  - From: jelmer

Prev by Date: Thread-IT Message Board XSS Vulnerability
Next by Date: Re: base64
Previous by thread: RE: [Fwd: Re: AIM Password theft] VU#865940
Next by thread: Re: [Fwd: Re: AIM Password theft]
Index(es):
- Date
- Thread