If you haven't heard about the AIM (AOL instant messenger) vulnerability announced today, you can read about it in this MSNBC report. This is a scary one since it's 1) faily easy to accomplish, 2) source code for doing so was made available by the group that brought the problem to light and 3) so many people are using AIM.
AOL says they will have a patch for the problem in a day or two, but given the severity of this problem, I'm suprised that they aren't shutting down their AIM servers in the meantime to avoid exposing anyone to this.
If you're running the Windows AOL Instant Messenger program, I would suggest that you do one of the following:
- Try Trillian instead. It has most of the features of AIM but currently doesn't have the feature that this exploit targets. It's a beautiful chat client and supports MSN, Yahoo and ICQ chat networks as well!
- Change your privacy options to only allow messages from people on your buddy list. This will give you some protection so that messages from strangers are ignored. Once AOL fixes this problem, you can reverse the option.
- Turn AIM off until the problem has been fixed. If you're really paranoid, this is the best solution. If you're really really paranoid, uninstall AIM altogether or use Trillian which allows for secure instant messaging with other Trillian users.