AOL bungs buddy-list security hole • The Register

Skip to content

Whitepapers

AOL bungs buddy-list security hole

Now that's what we call service

By Thomas C Greene in Washington DC • Get more from this author

Posted in Security, 3rd January 2002 22:29 GMT

Free whitepaper – Vulnerability management buyer's checklist

Barely more than a day after an exploit concerning the Windows versions of AOL's Instant Messenger (AIM) was circulated, AOL says it's managed to fix its network. Users are now safe, and need not lift a finger with downloads or patches, the company says.

The hole made it possible to exploit the way AIM processes games requests, using a buffer overrun attack to take control of a victim's Windows box. It was discovered by security research group w00w00, which developed a harmless working exploit, which in turn inspired AOL to take action immediately. ®

Related Story

AIM gives up control of Windows machines

Free whitepaper – The starter PKI program

Whitepapers

Image spam: the threat returns

Understand the latest tricks the spammers are using to evade your email defences

Jump start your Application Security initiatives

Join The Register’s expert panel live and online to learn and discuss strategies and techniques for jump starting Application Security initiatives.

The shortcut guide to managing certificate lifecycles

This guide to managing the certificate lifecycle will cover a range of topics surrounding digital certificates, with an eye towards giving you the inside track when it comes to making decisions about PKI.

Avoiding 7 common mistakes of IT security compliance

This guide covers seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.

Email continuity

What if your email server goes down? Free guide to keep your email flowing when disaster strikes

Search more Resources

Top stories

Webcast: Jumpstart your Application Security initiatives

Don’t Miss

Google cloud told to encrypt itself

Updated R in RSA wants s in https

Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

Chinese firm hits back at cyberspy claims

Exclusive Huawei welcomes UK.gov backdoor probe

BlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?