AOL's AIM Puts Browser Security in Danger

Published by: mike 2008-11-19

Attention AOL AIM users -- you've got a pushy program.

The installation process of AIM on a PC covertly forces Microsoft Internet Explorer (IE) browsers to accept "Welcome to America Online" at free.aol.com as a "Trusted site," according to an article in Security Wire Digest.

Automatically designating the free.aol.com site as a Trusted site allows AOL to install cookies and even run code on a user's PC without the user's knowledge. Internet Explorer's Trusted sites zone contains "sites you believe you can download or run files from without worrying about damage to your computer or data," according to IE's Help file on Trusted zones. "The default security level for the Trusted sites zone is Low, therefore, Internet Explorer will allow all cookies from Web sites in this zone to be saved on your computer and read by the Web site that created them."

What's more, when a Web site is in the Trusted sites zone, the user is not alerted when a cookie or file is downloaded to the PC.

InstantMessagingPlanet confirmed the compromise on one of our own PCs.

Rich Mogull, a senior analyst at Gartner Group's Gartner G2's growth strategies practice, says AOL's action violated all three elements of trust: intent (the desire to operate within the boundaries of an agreement), capability (the ability to fulfill the intent) and communication (the ability to instill belief in these abilities within the consumer/business partner).

"Businesses that allow the use of AOL Instant Messenger are also forced to trust AOL servers, despite whatever security and privacy settings (those businesses) have in place," Mogull said. "By forcing browsers to trust AOL, it violates the boundaries of the users' understanding of the relationship ... By making these changes without notifying the user, AOL has failed to communicate either intent or capability."

AOL's practice is particularly troubling, Mogull said, since it is vulnerable to an insidious and well-known cyber attack known as "cross-site scripting," which allows an attacker to inject malicious code onto a system by hiding it as legitimate code from free.aol.com.

GartnerG2 (and InstantMessagingPlanet) recommends that companies carefully evaluate their policies on employee use of downloaded software and services. They should also employ security mechanisms to limit the damage that unapproved trust relationships may cause. And a company's IT staff should evaluate terms and conditions for any free or commercial off-the-shelf software used within the enterprise.

Also, AOL's action can be undone directly from the IE browser. To start the process, a user should go to the Tools menu and select "Internet Options." By clicking on the "Security" tab, highlighting "Trusted sites" and then clicking on the "Sites" button, a list of Trusted sites appears. Highlighting the "free.aol.com" site and clicking "Delete" rids the browser and the user's PC of the security problem.
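
A scripted version of the manual check above, added here as an example and not part of the original article: it lists every site assigned to zone 2 (Trusted sites) under the per-user and per-machine ZoneMap\Domains registry keys, where Internet Explorer stores site-to-zone assignments, and flags any site that is not on an approved list. The allowlist `$Approved` and the function name `Get-TrustedSiteEntry` are hypothetical.

```powershell
# Added example: read-only audit of IE Trusted sites (zone 2) assignments.
# $Approved is a hypothetical allowlist; replace it with your organisation's own.
$Approved = @('intranet.example.com')

$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-TrustedSiteEntry {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue) {
            # Keys are stored as Domains\<domain>[\<subdomain>], e.g. aol.com\free
            $rel   = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]
            $parts = $rel -split '\\'
            $site  = if ($parts.Count -gt 1) { "$($parts[1]).$($parts[0])" } else { $parts[0] }
            foreach ($scheme in $key.GetValueNames()) {
                # Value name = scheme (http, https, *); value data = zone number
                if ($key.GetValue($scheme) -eq 2) {
                    [pscustomobject]@{
                        Hive     = $root.Substring(0, 4)
                        Site     = $site
                        Scheme   = $scheme
                        Approved = $Approved -contains $site
                    }
                }
            }
        }
    }
}

# Report all Trusted sites entries, unapproved ones first.
$entries = @(Get-TrustedSiteEntry -Path $Roots)
$entries | Sort-Object Approved, Site | Format-Table -AutoSize
$unapproved = @($entries | Where-Object { -not $_.Approved })
if ($unapproved.Count -gt 0) {
    Write-Warning "$($unapproved.Count) Trusted sites entries are not on the approved list."
}
```

The script only reads the registry; removing an entry is still done through the Internet Options dialog as described above.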

AOL officials were not immediately available for comment on this story.

Security Wire Digest also reported earlier this month that a new IM-based worm is gaining ground by offering "free porn." The worm, which the publication called "low-risk," spreads through both AIM and IRC clients and is called W32.Aphex@mm or W32.Aplore@mm. It spreads in the chat window area by a hyperlink that consists of a single period with an attachment named psecure20x-cgi-install.version6.01.bin.hx.com.

If a user runs the program, it drops a Visual Basic (.vbs) script and then uses standard techniques to mass-mail itself to all addresses in the user's Microsoft Outlook address book. The worm also connects to some IRC channels and attempts to infect IRC users. Blocking .com attachments in a user's IM client can help mitigate the risk, and the worm doesn't carry a destructive payload.

Bob Woods is the managing editor of InstantMessagingPlanet.

