Kevin - thanks for your integrity and the info.
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:35 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM
You know, I violated a cardinal rule of mine - don't post something if you can't
back it up. I did have a reference and now can't find it. I did
find a similar exploit in the Yahoo messenger. I'm still pretty
confident I did read about either a real attack via the icon, or at least a
proof of concept, and I will keep looking for it. Anyway, the below is
an exploit against an IM, so it shows it is vulnerable.
From http://www.ca.com/virusinfo/encyclopedia/
Yahoo Pager/Messenger Buffer Overflow
There is a buffer overflow problem with Yahoo Messenger
that leaves the user vulnerable to remote attack. The problem arises due to
a lack of appropriate bounds checking on the length of a URL that is
received from another user inside a message. Unfortunately, due to this
oversight, it is possible for unprivileged and possibly hostile remote users
to execute arbitrary commands by overwriting the EIP (return address) and
filling the URL with malevolent code. The hostile code could then be
actioned when the unsuspecting target host clicks on the URL.
-----Original Message-----
From: Gordon W. Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:07 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM
OUCH! A virus in a smiley? Tell me more! I couldn't find anything about it.
-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:50 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM
Two things come to immediate mind:
1) Many IM clients allow for file transfer. Depending on your overall security policy
this in itself can be an issue. Even if you allow people to transfer
files, the IM client then becomes a point of security control. For
example, with AIM, it is supposed to ask the user if it is ok if their chat
partner sends them a file. How long do you think it will be before
hackers manage to bypass that "confirmation"? Further, the bad guys
could then just send a backdoor program to the hard disk. Or
just pick up sensitive data from the computer.
2) There has already been at least one IM based virus - done by embedding malicious code
in an icon smiley face. This becomes another area where the anti-virus
vendors have to keep up.
I'm sure there are other reasons as well, those are just the 2 that come to my mind before
finishing my first cup of coffee.
-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 11:17 PM
To: NT System Admin Issues
Subject: Looking for a discussion on IM
Hello,
I have been asked to research and potentially implement IM for a company to
communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real world
implementation concerns/tips as well as the security issues associated.
Thanks in advance for your input.
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm