Re: [Fwd: Re: AIM Password theft]

[jelmer <jkuperus@xxxxxxxxx>]

No you won't be "A-OK"

1 + 2, 

One might just as well install a keylogger and get the passwords that way

3

doesn't do you any good, you can just have a trojan connect to a server 
running on port 80 instead of having the attacker connect to you. and it does 
nothing for you if someone wants to wipe your HD

4. 

trivially to circumvent most of the time it recognizes POC code but  change it 
a bit and it wont get picked up

5.

Currently we have the highly unusual situation that there are not one but two 
unpatched security issues in IE that will allow remote code execution and 
which are *EXTREMLY* easy to exploit and infact are actively beeing 
exploited. I've been staring at my own code at least twice these weeks (some 
scum trying to install a dialer)

There simply isn't a patch available that you can apply, for both these issues 
there are workarounds though (reghacks), so applying these is probably your 
best bet. 

Or you could *despite the fact that I hate to promote a product from a company 
that thinks its ok to sue someone for giving their product a bad review* use 
finjan's surfingguard which does seem to block a lot of attacks proactivly


--jelmer



On Wednesday 24 September 2003 20:59, DarkKnight wrote:
> In-Reply-To: <3F7077FE.70303@xxxxxxxxxxxxx>
>
> That method of stealing was taken from my website, "counter" is used to
> trick users into thinking that the script is just for a counter, but in
> reality it is just the object vulnerability. Anyways, AIM will do nothing
> to fix this. Why? Because it is not a vulnerability within AIM, nor is it
> really there problem. Prevention-
>
>
>
> 1. Do not save passwords
>
> 2. Delete registry data (only if you use test buddy [staff aim], the
> passwords are in plain text)
>
> 3. Get a firewall
>
> 4. Update/Get a Virus Scanner
>
> 5. Get an IE patch
>
>
>
> Do the above and you will be A-Okay, AIM-wise and all around security wise.
>
>
>
> - DarkKnight (of http://www.insecureonline.com)