|
Vulnerability AOL Instant Messenger Affected AOL Description 's1' found following DoS attack on AOL. This DoS attack comes from a poor implementation of AOL Instant Messenger's warn "feature." You'll need to have AIM to create this DoS attack against someone using AOL. AOL's Instant Messenger has an option that allows you to "warn" other users. If you warn someone who is using Instant Messenger, they are notified that they've been warned by another user. What's interesting is that you can warn people using AOL, and they will not be notified that they've been warned. The warning system is based on percentage, and you can only get someone to a maximum of 35%. However, if you sign off the Instant Messenger service, and then sign back on, you'll be able to start warning them again. (70%) Repeat the log on/off trick, and continue to warn your buddy on AOL until they're at 100%. What happens then is that they'll be disconnected from AOL if they send more than 1 instant message every 10-15 seconds. The AOL person has no idea what has happened to them, and when they're booted from the service, the message they receive isn't very informative. Lots of fun to be had with this one. (note: you can only send as many warnings as messages you receive from a person, so you must engage your target in some type of conversation.) Solution 1) Don't use AOL 2) If you use AOL, don't talk to people using Instant Messenger