Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Possible AIM Hack?

from [Jeff Britton, Monitored Security] Network Security [Permanent Link]
Subject: RE: Possible AIM Hack?
Date: Wed, 15 Mar 2006 13:38:23 -0000 
completely different passwords.  I'm logging into the same account using 2 very 
different passwords as we speak.

-----Original Message-----
From: Benjamin Tomhave [mailto:falcon@secureconsulting.net]
Sent: Tuesday, March 14, 2006 4:53 PM
To: Jeff Britton, Monitored Security
Cc: incidents@securityfocus.com
Subject: RE: Possible AIM Hack?


AIM normalizes passwords - were your new passwords variants of old
passwords using non-alphanumerics or changes in capitalization?

On Tue, March 14, 2006 1:02 pm, Jeff Britton, Monitored Security said:

Has anyone else even noticed that (at least in the older versions) you can
use previous passwords to login?  As of right now, I can log into my AIM
account with 3 different passwords...was wondering if anyone else noticed
this too?

-----Original Message-----
From: CISO [mailto:ciso@elitemail.org]
Sent: Tuesday, March 14, 2006 11:34 AM
To: belka@att.net; incidents@securityfocus.com
Subject: Re: Possible AIM Hack?



The new edition of AIM has this issue because the product is still
technically in BETA.

The older edition of AIM typically doesn't have this problem.

Remember that AIM is a free service so there are no real SLAs to end
users unless you are using the enterprise edition of AIM.

The inability to log on (authenticate) or create new accounts is because
that piece is controlled from the same mechanism (servers).

James

On 14 Mar 2006 15:57:03 -0000, belka@att.net said:

Here is the gist of what happened:

March 8th, while using AIM, it logs me off.  When I try to log back in,
it tells me my password is incorrect.  When I try to rest the password,
I
receive no password rest message.  It is as if the hack changes the
account e-mail at the same time to prevent password rest.  Lastly, I
went
to create a new AIM account -- but without success.  The error message
tells me that the service is temporarily unavailable.  I tried from
several computers, and from different places, to no avail.  As of 09:11
CST (-6GMT) AIM will still not allow new accounts to be set up.

I haven't seen any news from any source about an AIM hack, but I have
heard anecdotally from my college aged kids that several of their
friends
were also affected around the same time period and most have not been
able to establish new AIM accounts.

Is any one else seeing any kind of similar activity/results surrounding
AIM?  Or am I just a victim of a series of unfortunate events?

Thanks
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Possible AIM Hack?, Valdis . Kletnieks
Next by Date:  Re: Possible AIM Hack?, Steven
Previous by Thread:  RE: Possible AIM Hack?, Benjamin Tomhave
Next by Thread:  Re: Possible AIM Hack?, belka
Indexes:  [Date] [Thread] [Top] [All Lists]