It's worth a try. I was following this thread with considerable
interest because
I couldn't log onto AIM either--until I tried when not running
through the
remote access VPN. If I'm just connected to the Internet but not
connected to
headquarters via our VPN, AIM lets me log on just fine. If I log into
AIM and
then activate the VPN, the AIM connection continues without a
problem. However,
if I activate the VPN and then try to log into AIM, I get nothing.
Of course, this opens another question: is there a security risk in
connecting
to AIM first and then using the VPN?
Andrew Conry-Murray
"Phillip R Cooper
II"
<pcooper@wareoneart
To
h.com> <belka@att.net>,
<incidents@securityfocus.com>
03/16/2006 11:38 AM
cc
Subject
RE: Possible AIM Hack?
here's something that occurred to me-
are you by chance VPN'd into a common network during all these
attempts?
Perhaps there's been a block instituted on whatever port AIM
communicates
on, and you've not been informed for whatever reason.
I know this is VERY basic, and possibly will be thought to be my
attempt to
insult you. Not at all. With the alphabet soup after your name, it's
apparent you know much more than I. But I've a feeling this is going
to be
something incredibly simple that is being overlooked, as often
happens in
this industry. Hey, we've all been there- troubleshooting the network
and
finding out later after much agravation that we'd used the wrong
cable in
the first place. ;)
-----Original Message-----
From: belka@att.net [mailto:belka@att.net]
Sent: Thursday, March 16, 2006 9:20 AM
To: incidents@securityfocus.com
Subject: Re: Possible AIM Hack?
As far as the AIM server being temporarily down, as of 0900 EST (GMT
-5) 16
MAR 06, it is
still not possible (at least for me) to create a new AIM user
account. I
would
encourage others to go to www.aim.com and attempt to create an AIM
identity
and
see if they get the same results. I have tried creating a new
account in at
least four different cities in the last week using different
hardware, ISPs,
etc. -- all with no effect. With every attempt I receive a pop up
java
script
window stating "The service you are attempting to use is temporarily
unavailable,error 20814"
This message has been returned since last week -- if the
authentication
server is 'casters
up", then the system admins at AIM are operating under a very, very,
generous
Service Levels Agreement. My experience is that if you are down a
week, its
time to break out the disaster recovery plans. In fairness, however,
AIM is
a
free service. Free usually means you get what you pay for. Right
now I am
receiving from AOL exactly what I have been paying -- nothing.
But in seriousness, a lot of people depend on AIM for social and even
business
interaction. It has, free or not, become a "critical application" to
a lot
of
people. I made a couple of attempts to contact AOL about the
problem,
without
result.
In a larger context, if there is a problem at AOL with AIM, and it
has been
hacked, and it has been down over a week -- what of the data and
accounts of
the
gazillions of users who are regulars on AIM? Is that data safe?
Given the
recent stories about the spike in debit card fraud recently, and that
spike
has
been tenatively traced back to a possibility of a vendor that wat was
hacked
and lost
the data (stay tuned to this story as it develops), the circumstances
that
my
account "disappeared" and the fact that creating a new account is
disabled
is
troubling.
--
Rob Frazier, CISSP, ISSAP
www.xakephet.com
325-695-7238 Lab
817-271-7557
-------------- Original message ----------------------
From: "Steven" <steven@lovebug.org>
Well like I said it could be a number of things but if you cannot
logon
anymore as I said then there's a good chance of a compromise. The
whole
part about not being able to logon anymore would indicate a
persistent
problem that is permanent and not some problem signing on for a few
minutes.
That would mean you couldn't logon right after getting kicked off,
10 mins
later, 6 hours later, 5 days later, etc. Additionally, if some
server
that
gives a yea/nay is on a coffe + donut break -- what would that have
to do
with kicking you offline after already being authenticated?
Let's see it's been at least a day. Can you logon now? If the
answer is
yes.. chances are someone didn't steal your account. If the answer
is
no --
I'll go with you're compromised or you forgot your password.
Anyway
that's
just one possible reason which defintely occurs quite frequently to
people
with desirable screen names or that have pissed off someone.
Steven
----- Original Message -----
From: <Valdis.Kletnieks@vt.edu>
To: "Steven" <steven@lovebug.org>
Cc: "Travis Haymore" <thaymore@gmail.com>; <belka@att.net>;
<incidents@securityfocus.com>
Sent: Tuesday, March 14, 2006 8:02 PM
Subject: Re: Possible AIM Hack?
On Tue, 14 Mar 2006 16:12:50 EST, Steven said:
logged off and can no longer logon anymore -- then that is a
different
