resource center
  See your link here
|
Subscribe to Computerworld IDG News Service -
Software recommended last week by security group w00w00 Security Development to plug a hole in America Online Inc.'s Instant Messenger (AIM) actually opens a user's system to hacker attacks and can direct the user's Web browser to pornographic Web sites, w00w00 said yesterday.
The security group was the first to publicize the hole in AIM last week (see story), prompting Dulles, Va.-based AOL to take action and correct the problem on the server side within a few days (see story). In its initial warning, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection. But that software comes with its own security problems, a member of the w00w00 team wrote in a posting to the Bugtraq mailing list late yesterday.
"At the time, Robbie Saunders' AIM Filter seemed like a nice temporary solution. Unfortunately, it instead produces cash-paid click-throughs over time intervals and contains backdoor code," Jordan Ritter wrote. The click-throughs direct the user's Web browser to advertisements using Saunders' referral code, generating commission payments for him.
W00w00 now offers a cleaned-up version of AIM Filter without these security holes, Ritter wrote. The problems with the software, which is designed to block certain AIM functions, were discovered Jan. 5, when Saunders released the source code for his filter, Ritter said in the Bugtraq posting, apologizing for the error.
AIM Filter creator Saunders said in a statement on his Web site that AIM Filter allows him to remotely obtain a user's Internet Protocol address and AIM build number. It also allows him to shut down AIM Filter on a user's system and open five "embarrassing Web sites," the statement said. The porn Web sites pop up only when AIM Filter is launched, not at time intervals, he stated.
It's unknown how many people installed AIM Filter. One AIM user in a newsgroup asked w00w00 for more detailed instructions on how to remove AIM Filter.
A buffer overflow vulnerability existed in the shared game feature of AIM, AOL said Jan. 2. Attackers could access a user's system by exploiting the vulnerability, according to w00w00.
Related stories:
IDG.net
Mitigating Litigation Risk with Email Management Tools
Does your company have an email retention policy that protects it when litigation occurs? IDC discusses effective email retention policies and the role...
Managing And Protecting Your Ever Increasing Mobile Assets
Learn best practices for desktop and application virtualization, computer security, and computer life-cycle management....
Protecting Content During Business Disruption: Are You Covered?
Learn how ECM is helping Tulane University and the 13th Judicial Circuit Court implement disaster readiness programs....
Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...
Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
How do organizations pass their PCI DSS audits yet still suffer security breaches? Paying attention to PCI DSS checklists only partially secures the...
Best Practices for Managing Business Risks from the Use of IT
(Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of...
Authentication as a Service by Forrester Research
Authentication-as-a-Service: understand the benefits of two factor authentication and the best ways to implement it....
Sun OpenSSO Enterprise Webinar
(Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access...
Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs
Since the adoption of SOX, much has been learned about IT compliance. Discover how to make SOX efforts more effective in "Sustaining Sox...
Agile Enterprise Content Management (ECM) for Rapid ROI
(Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
