Posts tagged ‘AOL’

TweetBrawl

Looks like Purewire has taken a page from AOL’s AIM Fight and put up Tweet Brawl.

AIM Fight attempts to determine how popular you are right this second by looking at your online buddies and their online buddies out to the third degree of separation. It actually uses people connected to you so you can’t game the system by friending the world (like that stupid Luke Wilson AT&T ad).

TweetBrawl is merely follower based. The results aren’t going to change unless someone loses or gains a lot of followers.

If you want to follow me at @infosectweet maybe I’d have a chance of winning one of these things.

MessageLabs Adds Public IM Security Service

This is interesting. After I wondered yesterday about the applicability of IM security products that ignore social networks, MessageLabs announced the launch of a new public IM security service. The solution does not address any of the problems I mentioned.
The press release mentions AOL’s AIM, Yahoo! Mail and Microsoft MSN, but does not mention Google Talk. This service protects public IM protocols, whereas the existing Enterprise Instant Messaging product (from the purchase of Omnipod) is an enterprise product competing with OCS/LCS.

AIM 6.8 login fails through IM Manager

Beginning yesterday, AIM 6.8 clients couldn’t log in through Symantec IM Manager. This was caused by a change in AOL’s SSL certificate for kdc.uas.aol.com, and IM Manager could no longer validate the cert. IM Manager is an enterprise IM security and logging product.
A workaround is posted on the IM Manager knowledgebase.

Virginia High Court Strikes Down Anti-Spam Law

http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?hpid=topnews
In 2004 Jeremy Jaynes was convicted under Virginia’s Anti-Spam law for sending 10 million spam emails through AOL servers located in Virginia.
Virginia’s Supreme Court has overturned that conviction and struck down the Anti-spam law.
“The court unanimously agreed with Jeremy Jaynes’ argument that the law violates the free-speech protections of the First Amendment because it does not just restrict commercial e-mails.”
The weak Federal CAN-SPAM law that has done nothing to stop spam remains in effect.
Here is a link to the ruling.

Symantec IM Manager and AOL SSL

The latest Symantec IM Manager includes support for AIM 6.8. This is kind of a big change because previously there was no way to support AIM clients that required SSL logins.
AIM has provided a method whereby we register our domain names with AOL, so when the AIM 6.8 client attempts to log in, AOL directs the client to our internal IM Manager server. As part of setting this up I purchased an SSL cert for my IM Manager server. The client connects using our certificate; therefore the IM Manager server is still able to apply security and perform logging as appropriate.
This support is not retroactive to AIM Pro clients. In fact, I’m told that although this was originally designed for AIM 6.5 as well, AOL made some changes that aced out that client.
I’m not sure I trust AOL not to make major changes again and leave AIM 6.8 installs in the cold. But it is better than being stuck with incredibly old versions of AIM.
Is there an ethical and legal issue here as well? While users are advised that this is our network and our computers, might they argue that they have a reasonable expectation of privacy since AIM is using SSL?

AOL Password Truncation

Brian Krebs’s Security Fix is reporting AOL is truncating passwords at 8 characters. I think our Solaris servers were doing the same thing until we upgraded to version 10. In fact, here’s a blog entry from the SUN Security Coordinator’s blog claiming that password truncation is a security feature. In other words, it’s a feature, not a bug.

On Net Neutrality

The folks over at Movable Type are very proud that they are the technology behind a new website called Its Our Net, sponsored by Google, Microsoft, Yahoo, AOL, Halliburton and Enron.
It seems to me that these huge companies want to provide big bandwidth items. They don’t want the ISPs to stand in the way of these big companies getting eyes on the content.
They say they don’t want a tiered Internet. There is already a tiered system between dialup and broadband. Even in broadband, I can pay more and get a faster connection. They don’t want quality of service. Quality of service is important in keeping my neighbor’s BitTorrent downloads from affecting my ability to surf the web.
I checked out their site, and it looks like scare tactics. Imagine a world where you can’t successfully research health issues online! I don’t see that happening today. What I see is the opposite. Big company ESPN is making ISPs pay so their subscribers can access premium content. They imply that any ISP not paying is providing degraded service. Why don’t they just go the subscription route like every other premium service? They are just following their lessons learned from the cable world. It’s easier to force a cable company to make all their customers pay than it is to get them to sign up individually.
I wonder if so-called net neutrality would allow ISPs to block malicious traffic or undesirable traffic? Would porn-filtering, family-friendly ISPs be allowed to exist anymore? I kind of wonder. They aren’t exactly “net neutral” if they are blocking.
Hands off The Internet has much better arguments in my opinion.

Toll Gate on the Information Superhighway

Yahoo and AOL have announced plans for a preferred spammer program, whereby a sender can pay fractions of a cent per email and bypass all filters. It’s not clear whether this program will actually whitelist unsolicited commercial email or if it will only whitelist valid email from participating companies.
This new plan would appear to be an abandonment of Yahoo DomainKeys and Microsoft Sender ID.

AIM Bots

On November 16, AOL added an “AIM Bots” group to AIM users’ buddy lists. This group contained buddies Moviephone and ShoppingBuddy. A popup indicated that the bots had been added, but it was not clear who really added the new buddies or why. Apparently AIM was seeking to promote knowledge about the bots, which are a way to query movie times and shopping info via IM.
This intrusion is much worse than when AIM first started adding ads to the AIM client. The protests against this action were even mentioned on Drudge. I don’t use third party IM clients like Trillian or software to remove the ads from AIM. I wonder if they are free from this annoyance.
While we are able to delete the bot buddy group manually, you may want to let AOL know what you think by sending a message to megabotfeedback@aol.com. I’d use a disposable email account for that email.

IM Security

Lots of IM Security noise this week. From technews, “Your Next IM could be Your network’s last” by Gregg Keizer:
Facetime is issuing a “Worm Free Guarantee” on Tuesday as it released Facetime Auditor 6.5. AFAIK they rely on thresholding to watch for clients sending too many messages in a short period of time. When I evaluated an earlier version of Facetime’s product in October, I was plagued by problems.
IMLogic pointed out they use RTTPS technology to detect odd behavior and block the transmission. RTTPS is an add-on piece for their IMLogic product. It was not available when I tested IMLogic in September. I asked about getting a new beta and was told they don’t do that because evals are limited to 50 users and RTTPS doesn’t eval well with that number of users. When I evaled IMLogic, file transfer did not work with AIM and MSN Messenger.
The article says that it is possible to create an IM exploit that automatically runs exploit code using keystroke macros found in MSN and AOL’s products. (I haven’t heard of this before.)
I had Akonix on site today and will be beginning an eval of them next week. They have been doing IM Security for a while now. They are still using updating block lists. It’s a better defense than what IMLogic and Facetime gave me to demo. However, I find myself wondering if these two vendors haven’t jumped right back into the game with their new releases.
Being dependent on updates, as Akonix is, is not a good place to be. Think of it like email. When there were a low number of email viruses and they spread slowly, it was rare for a virus to get by. But as the volume of email viruses increased, their speed increased and more got by. Today viruses target specific companies and industries. The update model of security is not good enough for that. But based on my poor experience in evaluating IMLogic and Facetime, I really don’t trust their press releases. Hopefully my eval of Akonix will fare better than these previous two.
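
The two detection models contrasted in this post, as an added example (not from the original post and not any vendor's actual algorithm): an updated block list next to a per-sender rate threshold, run over the same IM log. The log lines, domains, window and threshold values, and function names are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample IM log: (unix_time, sender, recipient, message).
LOG = [
    (100, "alice", "bob",   "lunch at noon?"),
    (160, "alice", "carol", "see http://known-bad.example/pic.scr"),
    (200, "dave",  "u1",    "lol check http://new-worm.example/a.pif"),
    (201, "dave",  "u2",    "lol check http://new-worm.example/a.pif"),
    (202, "dave",  "u3",    "lol check http://new-worm.example/a.pif"),
    (203, "dave",  "u4",    "lol check http://new-worm.example/a.pif"),
    (204, "dave",  "u5",    "lol check http://new-worm.example/a.pif"),
    (400, "alice", "bob",   "ok"),
]

# Update model: only catches indicators already on the list.
BLOCK_LIST = {"known-bad.example"}  # constructed entry


def blocklist_hits(log, block_list):
    """Return senders whose messages contain a listed indicator."""
    return {sender for _, sender, _, msg in log
            if any(bad in msg for bad in block_list)}


def threshold_hits(log, max_recipients=3, window=10):
    """Return senders who message more than max_recipients distinct
    recipients within any `window`-second span (sliding window)."""
    recent = defaultdict(deque)   # sender -> deque of (time, recipient)
    flagged = set()
    for ts, sender, rcpt, _ in sorted(log):
        q = recent[sender]
        q.append((ts, rcpt))
        # Drop events that have fallen out of the window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if len({r for _, r in q}) > max_recipients:
            flagged.add(sender)
    return flagged


if __name__ == "__main__":
    print("block list:", sorted(blocklist_hits(LOG, BLOCK_LIST)))
    print("threshold: ", sorted(threshold_hits(LOG)))
```

On this log the block list flags only the sender of the already-listed link, while the threshold flags only the burst sender whose link is not yet on any list; each model misses what the other catches.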