Security News > 2002 > April > AIM Today Gets Hacked

AIM Today Gets Hacked
2002-04-30 09:01

http://www.internetnews.com/dev-news/article/0,,10_1024491,00.html By Bob Woods April 29, 2002 Users of America Online's instant-messaging program and system were unwittingly connected to profanity and pornography last Saturday, according to an anti-AOL Web site. AOL Watch said that malicious hackers -- more accurately known as "crackers" -- inserted profane graffiti, X-rated photos and sound files throughout the "Entertainment" section in AIM Today. The AIM Today feature of AOL's Instant Messenger (AIM) generally pops up when a user first starts the AIM program, unless the user has disabled that feature. Four separate categories within the Entertainment section were taken over by the malicious hackers, who then went on to post messages in those areas. If an unsuspecting user went to two of those lists, profanity-laced audio messages would automatically play on his or her system. One page even played a song from the rock group Prodigy. The hack incident itself lasted for more than eight hours before it was removed from AIM Today, according to AOL Watch. AOL officials were not immediately available for comment on the incident. While the hack did not appear to affect people who use AIM for instant messaging-based conversations, the incident itself once again brings up the issue of security on the public IM networks. Just last week, an unintended feature surrounding the installation of AIM came to light -- the installation process of AIM on a PC covertly forces Microsoft Internet Explorer (IE) browsers to accept "Welcome to America Online" at free.aol.com as a "Trusted site." Automatically designating the free.aol.com site as a Trusted site allows AOL to install cookies and even run code on a user's PC without their knowledge. And last January, AOL patched a security flaw in the 4.7 and 4.8 versions of AIM that potentially could have allowed destructive Internet worms to infect AIM's 100 million+ users. Because the patch is a server-side fix, AIM users do not have to download it. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.


News URL

http://www.internetnews.com/dev-news/article/0,,10_1024491,00.html