Thanks go to NewOrder for the heads up on yet another flaw, this time in AOL's IM chat program.
A security flaw in AOL's popular online chat program could allow a remote attacker silently to penetrate the computer of users of the software, security experts said today.
The vulnerability in AOL Instant Messenger (AIM) for Windows could enable a malicious person to write a self-propagating program, or "worm," that could use AIM to spread itself to users in a victim's "buddy list," according to the security research group that discovered the bug, w00w00 Security Development.
"The implications of this vulnerability are huge and leave the door wide open for a worm not unlike those that Microsoft Outlook, IIS, et. al., have all had," wrote the researchers in an advisory published today on the Web and on several security mailing lists.
The security hole lies in an AIM feature that allows users to invite other AIM users in their buddy list to play online games such as Quake and Canasta, the security group said.
Source code to a program that exploits the vulnerability, which stems from AIM's handling of specially crafted game requests that overflow the program's memory buffers, was posted at w00w00's Web site.
A temporary solution is to go into your Preferences and in the Privacy section click "Allow Only Users on My Buddy List" under "Who can contact me."
News source: washingtonpost.com - NEWSBTYES
View: w00w00.org - AOL IM Advisory and technical details and Example Code for exploit
A security flaw in AOL's popular online chat program could allow a remote attacker silently to penetrate the computer of users of the software, security experts said today.
The vulnerability in AOL Instant Messenger (AIM) for Windows could enable a malicious person to write a self-propagating program, or "worm," that could use AIM to spread itself to users in a victim's "buddy list," according to the security research group that discovered the bug, w00w00 Security Development.
"The implications of this vulnerability are huge and leave the door wide open for a worm not unlike those that Microsoft Outlook, IIS, et. al., have all had," wrote the researchers in an advisory published today on the Web and on several security mailing lists.
The security hole lies in an AIM feature that allows users to invite other AIM users in their buddy list to play online games such as Quake and Canasta, the security group said.
Source code to a program that exploits the vulnerability, which stems from AIM's handling of specially crafted game requests that overflow the program's memory buffers, was posted at w00w00's Web site.
A temporary solution is to go into your Preferences and in the Privacy section click "Allow Only Users on My Buddy List" under "Who can contact me."
News source: washingtonpost.com - NEWSBTYES View: w00w00.org - AOL IM Advisory and technical details and Example Code for exploit
"Contract prices need to be readjusted again to narrow gaps with spot prices," a Samsung executive told Reuters. He declined to specify how large an increase Samsung might make.
Samsung and Hynix both raised contract prices for DRAM chips, used for memory in personal computers, twice late last year.
Their top clients include Intel, IBM and Dell Computer.
Shares surge
Their shares soared on Wednesday's news of further rises.
Hynix finished up 15 percent, the shares' daily limit, at 2,780 won. Samsung closed up 10.4 percent at 308,000 won, leading the benchmark stock market index up 4.5 percent.
Taiwan's memory chipmakers also jumped on the news, with Powerchip Semiconductor surging the daily seven percent upward limit and rival Mosel Vitelic adding 4.7 percent.
Spot prices for DRAM have mounted a recovery in recent weeks after a year-long slide that erased 90 percent of their value and made the cost of production more expensive than selling prices.
The slump was blamed on excessive supply and an abrupt slowdown in global demand for PCs.
Analysts said prices were still short of production costs and that a full recovery was not expected until the third quarter at the earliest.
"Chipmakers are still selling products below costs," said Jon Woo-jong, an analyst at SK Securities. "They need to sell them at a minimum of $3.2 on average to cover costs."
Spot prices for standard 128 MB 16x8 DRAM chips were quoted at $2.68 on average on Wednesday by DRAMexchange (www.dramexchange.com), an industry Web site. That was up more than four percent from Monday.
Narrowing the field
A global move to consolidate the sector, as seen in the Micron-Hynix talks, could help facilitate a recovery, analysts said. Hynix expects an alliance with Micron to take shape this month, including the possible sale of DRAM production facilities to the U.S. company.
"We'll decide whether to sign an agreement in January," Hynix President Park Chong-sup said in an e-mail to employees released on Wednesday.
Hynix has said it might sell operations making the most common types of DRAM chips to Micron. Micron has already moved to grab a bigger chunk of the sector, agreeing in December to buy a U.S. chip plant from Japan's Toshiba.
The decision came after a planned DRAM tie-up between Infineon Technologies and Toshiba fell through.
Infineon Chief Executive Ulrich Schumacher said afterwards the German firm had opened talks with Taiwanese makers Nanya Technologies, Mosel Vitelic and Winbond Electronics regarding possible tie-ups.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.