Another hole found in AOL IM, gets fixed, but caution remains

me101   on 06 May 2002 - 21:37 · 21 comments & 43 views

In January 2002, a hole was discovered in the AOL Instant Messaging client. After many attempts to contact AOL about the hole, w00w00 (the group who discovered the hole) eventually managed to contact the relevant people within AOL and the hole was fixed by AOL placing filters on its Instant Messaging servers.

Now another researcher, John Hennessey, on finding a variation of the original vulnerability discovered in January, tried to use the normal AOL channels to report the security hole, but came up empty. So he turned to w00w00, who used the contacts gained in their first encounter with AOL to pass on this new variation, which is now being filtered on AOL's Instant Messaging servers.

In an advisory posted today, w00w00 say that they are sad that this new researcher had to resort to contacting w00w00. They say that they are indeed disappointed and once again call on vendors to make it easier to report vulnerabilities and holes discovered in their software, if they are to protect their customers from malicious users.

Matt Conover, a member of w00w00 and a student at Utah State University in Logan, Utah, says that while AOL Time Warner's fix prevents the current hole from being used to attack another user or to spread worms or viruses through instant message chats, he worries that an online vandal may find another method that could also elude AOL's fix.

w00w00 advise users with this simple message: at least for now, switch to an Instant Messaging provider that has well-defined venues for reporting vulnerabilities.

News source: CNet News
View: w00w00 - AOL Instant Messenger Overflow #2


NETCAPTOR 7.0 FINAL RELEASE NOTES
MAY 6, 2002

WHAT'S NEW IN 7.0?

  • Full XP theme support in the NetCaptor UI, including icons, toolbars, loading animation, and logos.
  • Tabs now display site-specific FavIcons (optional).
  • CaptorBar now supports "auto-hide" mode. The tabs now sit sideways and can dock to either side of the screen. In auto-hide mode the CaptorBar will slide out when the cursor is over it.
  • Repositioned close, close all buttons for better usability
  • Information button on the address bar lets you look up Whois, Related Links, Backward links, cached pages, Anonymizer, etc. about the current page. Fully customizable. This is a nice one!
  • PopupCaptor will now flash an icon in the status bar when tab popups are closed
  • Added option to PopupCaptor to automatically close tab popups when they are launched when a tab closes (great for not getting trapped at sites that don't want you to leave).
  • Middle mouse click on links open in new window.
  • Added option to enable/disable NetCaptor user-agent setting
  • Added an automation interface for use in getting active tab url and title and in opening new tabs from URLs, CaptorGroups, and links.
  • Favorites sidebar, popup form now support auto-expanding of folders when dragging items between folders.
  • With FavIcon support turned on, tabs which are finished but not yet viewed now display the tabs FavIcon with the regular green checkbox in the bottom left corner.
  • Changed orientation of CaptorBar tabs. Now, when in auto-hide mode, you click on a tab to slide the CaptorBar out, while activating the selected tab. Much cleaner and easier to use!
  • Toolbar Locking - right click on the main coolbar and lock the toolbar positions from the "Lock Toolbars" menu item.
  • CTRL + D now brings up "Add to Favorites" dialog
  • CTRL + SHIFT + D now toggles the data-entry mode setting
  • Tray icon now minimizes, restores on a single click instead of requiring a double-click
  • PopupCaptor URL matches are now case-insensitive
  • Added a button that sorts the list view used by QuickSearch, Aliases, Address Tools, Translators, Search Engines, Search Bar.
  • Added additional control character for use with Url Blocking and PopupCaptor. Generally, both assume a trailing *, so they can't be used to match against the "end" of a string. By appending a "$" character, they will match against strings which end with the specified pattern. To block all GIF images, you would specify *.gif$.
  • Tooltip hints now display drop-shadow in XP
  • Added option to use flat browser borders (on by default). Turn this option off to use the "fat" borders as found in IE.
  • Added "Explore Data Folder" item to File Menu. This lets you explore the directory (it can be hard to find) where NetCaptor stores your option data
  • Added horizontal scrollbar (when necessary) to Url Blocking and PopupCaptor lists
  • Added "New Folder" to Favorites tab on CaptorBar
  • Added "Privacy Settings..." menu item to Security Menu. IE6 "breaks" the older Cookies/Session cookies handling, and newer method is not documented so we just pop the Privacy tab on IE options.
  • Added "Privacy Report..." menu item to Security Menu (only IE6)
  • Added "NetCaptor Application" as EXE description to assist some firewalls in identifying NetCaptor to users.
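
The trailing-* and "$" rule from the Url Blocking / PopupCaptor item above, modelled as an added Python example (not NetCaptor's code). Assumptions: patterns are anchored at the start of the URL, "*" matches any run of characters, and matching is case-insensitive for both features; the URLs are constructed samples.

```python
import re

def compile_pattern(pattern):
    """Translate a blocking pattern into a regex (assumed semantics, see lead-in)."""
    anchored = pattern.endswith("$")   # "$" means: must match the end of the URL
    if anchored:
        pattern = pattern[:-1]
    # "*" becomes "any run of characters"; every other character is literal.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    # Without "$" a trailing "*" is implied, so the end is left open.
    tail = r"\Z" if anchored else ""
    return re.compile(body + tail, re.IGNORECASE | re.DOTALL)

def matches(pattern, url):
    # re.match anchors at the start of the URL (assumption, not stated on the page).
    return compile_pattern(pattern).match(url) is not None

# Constructed sample URLs, not taken from the release notes.
SAMPLE_URLS = [
    "http://ads.example/banner.GIF",
    "http://ads.example/banner.gif?id=7",
    "http://site.example/my.gifts/index.html",
    "http://site.example/page.html",
]

def report(patterns=("*.gif", "*.gif$")):
    """Map each sample URL to the patterns that would block it."""
    return {url: [p for p in patterns if matches(p, url)] for url in SAMPLE_URLS}

if __name__ == "__main__":
    for url, hits in report().items():
        print(f"{url:42} blocked by {hits or 'nothing'}")
```

The unanchored form also catches my.gifts/index.html, while the anchored form misses banner.gif?id=7, so a block list is worth checking against both kinds of URL.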


FIXES (FROM RC2)
  • Fixed toolbar positioning code relating to "locked toolbars"
