Kevin
– thanks for your integrity and the info.
Steve
Clark
Clark
Systems Support, LLC
AVIEN
Charter Member
“Who's
watching your network?”
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
-----Original
Message-----
From: Kevin
Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:35
AM
To: NT System Admin
Issues
Subject: RE: Looking
for a discussion on IM
You
know, I violated a cardinal rule of mine - don't post something if you can't
back it up. I did have a reference and now can't find it. I did
find a similar exploit in the Yahoo messenger. I'm still pretty
confident I did read about either a real attack via the icon, or at least a
proof of concept, and I will keep looking for it. Anyway, the below is
an exploit against an IM, so it shows it is vulnerable.
From http://www.ca.com/virusinfo/encyclopedia/
Yahoo
Pager/Messanger Buffer Overflow
There is a buffer overflow problem with Yahoo Messenger
that leaves the user vulnerable to remote attack. The problem arises due to a
lack of appropriate bounds checking on the length of a URL that is received
from another user inside a message. Unfortunately, due to this oversight, it
is possible for unprivileged and possibly hostile remote users to execute
arbitrary commands by overwriting the EIP (return address) and filling the URL
with malevolent code. The hostile code could then be actioned when the
unsuspecting target host clicks on the URL.
-----Original
Message-----
From: Gordon W.
Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:07
AM
To: NT System Admin
Issues
Subject: RE: Looking
for a discussion on IM
OUCH! A virus
in a smiley? Tell me more! I couldn't find anything about
it.
-----Original
Message-----
From: Kevin
Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:50
AM
To: NT System Admin
Issues
Subject: RE: Looking
for a discussion on IM
Two things come to
immediate mind:
1) Many IM clients
allow for file transfer. Depending on your overall security policy this
in itself can be an issue. Even if you allow people to transfer files,
the IM client then becomes a point of security control. For example,
with AIM, it is supposed to ask the user if it is ok if their chat partner
sends them a file. How long do you think it will be before hackers
manage to bypass that "confirmation"? Further, then they bad-guys could
then just send a backdoor program to the hard disk. Or just pick up
sensitive data from the computer.
2) There has already
been at least one IM based virus - done by embedding malicious code in an icon
smiley face. This becomes another area where the anti-virus vendors have
to keep up.
I'm sure there are
other reasons as well, those are just the 2 that come to my mind before
finishing my first cup of coffee.
-----Original
Message-----
From: Clark,
Steve [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 11:17
PM
To: NT System Admin
Issues
Subject: Looking for a
discussion on IM
Hello,
I have
been asked to research and potentially implement IM for a company to
communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real world
implementation concerns/ tips as well as the security issues
associated.
Thanks
in advance for your input.
Steve
Clark
Clark
Systems Support, LLC
AVIEN
Charter Member
"Who's
watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm