Trilight Zone
Privacy & Anonymity is our speciality !
 

Yahoo Messenger Flaw Highlights IM Security Issues

 
tricore
Guest





Posted: Tue Jan 02, 2007 5:20 am    Post subject: Yahoo Messenger Flaw Highlights IM Security Issues

A glitch in Yahoo's instant-messaging program has prompted the company to issue a patch for what experts have called a "highly critical" flaw.

According to a statement posted on Yahoo's Web site, the flaw lets malicious hackers cause a buffer overflow in users' computers. A buffer overflow is a common hack attack in which a program attempts to store too much data in the space allotted for it, causing the system to spin out of control and crash.

The Messenger overflow is accomplished by means of ActiveX, a set of Microsoft components used to enhance the features of Internet software.

If struck by the buffer overflow, users could be forcibly logged out of Messenger, or even see Internet Explorer and other software crash. While less likely, the Messenger flaw could be used to remotely plant malicious software on a user's computer, which in turn would allow a hacker to hijack it.

IM in the Enterprise

Yahoo's Messenger is used largely by consumers, and competes with AOL's AIM and Microsoft's Windows Live Messenger, among others. But even consumer instant-messaging software has seeped into the enterprise, giving I.T. departments and threat-detection experts no small number of headaches.

"In the past year, the way that large companies think about IM has changed, in the sense that it's no longer that small groups of users can do it and be ignored by I.T.," said Mark Levitt, program vice president for collaborative computing and the enterprise workplace at research firm IDC.

"Instead of having people just rely on Yahoo, Google, ICQ, and others, they're increasingly deploying Microsoft's Live Communications Server" and other business-grade IM systems, he added, to regulate and protect the way that employees use instant messaging.

Three Drivers

As with e-mail, IM has led companies to worry about the influx of virus attacks, Trojans, and other malware, not to mention the potential escape of internal data, such as financial plans or trade secrets.

But there's a third driver that's shining a light on IM's security holes: A growing number of laws, such as the Healthcare Information Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and Gramm-Leach-Bliley (GLB), mandate the careful review and retention of electronic documents.

According to Levitt, a recent change in the rules that govern e-discovery -- the process of searching hard drives in response to legal complaints and litigation -- has also upped the ante in IM security.

"The ability to comply with those rules, as well as the increasing numbers of other regulations, like SOX, has required companies to become aware of what they have, and increasingly retain that information and make it available to governments and plaintiffs in lawsuits, and even their own staffs," he said.