Full Disclosure mailing list archives
Re: AOL Instant Messenger - Away Setting and Snoopers
From: full-disclosure () lists netsys com (Remington Winters)
Date: Sun, 4 Aug 2002 23:10:39 -0700
I don't think the "hide window while away" feature was designed with security in mind. I believe it's more for keeping the desktop clear. Someone with local access could also just as easily turn off away and look at the windows....

----- Original Message -----
From: "Matthew Murphy" <mattmurphy () kc rr com>
To: "BugTraq" <bugtraq () securityfocus com>; "Full Disclosure" <full-disclosure () lists netsys com>; "SecurITeam News" <news () securiteam com>; "Vuln-Dev" <vuln-dev () securityfocus com>
Sent: Sunday, August 04, 2002 6:56 PM
Subject: AOL Instant Messenger - Away Setting and Snoopers

Yet another reason never to use AOL...

AOL Instant Messenger is used by many millions of people to send and receive messages in real-time. It features several "states" for a user, such as away, idle, etc. that change the behavior of the client when set.

AOL employs a feature "Hide windows while away" that, as its name implies, hides all windows in AIM while the user is away. However, even with windows hidden, it is possible for snoopers to view conversation. If a user sends you a message while you are away, and regardless of "hide windows" being enabled, the entire conversation between the two parties becomes readable to anyone with access to the terminal just by clicking the desired screen name.

Example:

1) 2 users chat...
2) user A leaves, setting away status
3) user B checks with a simple "are you there?" type message
4) upon receiving the away, no further messages are exchanged, as user A has left
5) someone with local access checks the away queue for info
6) checking each screen name, he/she saves each transcript
7) user A returns, and responds to the message
8) chat continues...

Workaround: Don't use away state, or close all conversation windows yourself; never use the hide window feature, that is just lazy. :-)

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
