|
some
good reading !!!!
Gene C. aka C.E. Gene Connor
Gene's Custom PC Service since
1989
Serving the U.S., Canada & London,England
Is
this what you were talking about?
You know, I violated a cardinal rule of mine - don't post something
if you can't back it up. I did have a reference and now can't find
it. I did find a similar exploit in the Yahoo messenger. I'm
still pretty confident I did read about either a real attack via the icon,
or at least a proof of concept, and I will keep looking for it.
Anyway, the below is an exploit against an IM, so it shows it is
vulnerable.
Yahoo Pager/Messanger Buffer Overflow
There is a buffer
overflow problem with Yahoo Messenger that leaves the user vulnerable to
remote attack. The problem arises due to a lack of appropriate bounds
checking on the length of a URL that is received from another user inside a
message. Unfortunately, due to this oversight, it is possible for
unprivileged and possibly hostile remote users to execute arbitrary commands
by overwriting the EIP (return address) and filling the URL with malevolent
code. The hostile code could then be actioned when the unsuspecting target
host clicks on the URL.
OUCH! A virus in a smiley? Tell me more! I
couldn't find anything about it.
Two things come to immediate mind:
1) Many IM clients allow for file transfer. Depending on
your overall security policy this in itself can be an issue. Even
if you allow people to transfer files, the IM client then becomes a
point of security control. For example, with AIM, it is supposed
to ask the user if it is ok if their chat partner sends them a
file. How long do you think it will be before hackers manage to
bypass that "confirmation"? Further, then they bad-guys could then
just send a backdoor program to the hard disk. Or just pick up
sensitive data from the computer.
2) There has already been at least one IM based virus - done by
embedding malicious code in an icon smiley face. This becomes
another area where the anti-virus vendors have to keep
up.
I'm sure there are other reasons as well, those are just the 2
that come to my mind before finishing my first cup of
coffee.
Hello,
I
have been asked to research and potentially implement IM for a company
to communicate internally as well as externally. However, I have
always heard that IM was evil and to close it down ASAP. I would like
to hear real world implementation concerns/ tips as well as the
security issues associated.
Thanks
in advance for your input.
Steve
Clark
Clark
Systems Support, LLC
AVIEN
Charter Member
"Who's
watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
|
