IM Security: Dont Get Fooled

By Brett Glass  |  Posted 2003-09-02 Print this article Print

Instant messaging may leave your system open to attack. Stay vigilant to stay safe.

Using an instant messenger (IM) program seems like a harmless way to have a conversation. Unfortunately, IM can be exploited to damage, commandeer, or infect your machine.

Attacks on IM programs (such as MSN Messenger, AIM, ICQ, and so on) fall into the same categories as other network attacks. Some attacks take advantage of bugs or weaknesses in the software; others exploit human foibles. Heres how to defend yourself against IM security breaches.

Most IM systems were not designed with security in mind. For example, a recently discovered buffer overflow bug in AIM left users computers vulnerable to a remote takeover attack. AOL was lucky: It was able to close the hole by blocking exploit attempts as they passed through its servers. (For more details on this bug, see the bulletin. )

Microsoft, however, was unable to block a worm that spread widely in 2002 via its instant-messaging programs (Windows Messenger, MSN Messenger, and .NET Messenger) as well as Internet Explorer (The bug was actually in IE, but the worm relied on the IM programs to propagate.) Click here for the complete story...
Brett Glass has more than 20 years of experience designing, building,writing about, and crash-testing computer hardware and software. (A born'power user,' he often stresses products beyond their limits simply bytrying to use them.) A consultant, author, and programmer based inLaramie, Wyoming, Brett obtained his Bachelor of Science degree inElectrical Engineering from the Case Institute of Technology and his MSEEfrom Stanford. He plans networks, builds and configures servers, outlinestechnical strategies, designs embedded systems, hacks UNIX, and writeshighly optimized assembly language.

During his rather eclectic career, Brett has written portions of the codeand/or documentation for such widely varied products as Borland's Pascal'toolboxes' and compilers, Living Videotext's ThinkTank, Cisco Systemsrouters and terminal servers, Earthstation diskless workstations, andTexas Instruments' TMS380 Token Ring networking chipset. His articleshave appeared in nearly every major computer industry publication.

When he's not writing, consulting, speaking, or cruising the Web insearch of adventure, he may be playing the Ashbory bass, teachingInternet courses for LARIAT (Laramie's community network and Internetusers' group), cooking up a storm, or enjoying 'extreme'-ly spicy ethnicfood.

To mail Brett, visit his Web form.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel