Security group: AIM fix features flaw
Source: CNN
L33tdawg: Hmmmz -- this is bad news. How can anyone in the future expect to take w00w00 seriously (as a network security solutions provider or whatever) knowing that they've previously released a patch for a security hole that had a backdoor implanted in it? *tsk tsk* Bad w00w00 -- no cookie for you. Although w00w00 did apologize for the error, it shouldn't have happened in the first place.
Software recommended by security group w00w00 to plug a hole in America Online's Instant Messenger opens the user's system to hacker attacks and can direct the user's Web browser to pornographic Web sites, w00w00 says.
The security group was the first to publicize the hole in AIM last week, prompting AOL to take action and correct the problem on the server side within a few days.
America Online is a sister AOL Time Warner company to CNN.com.
In its initial warning, w00w00 advised users to download and install a third-party program called AIM Filter for immediate protection, but this software comes with its own security problems, a member of the w00w00 team writes in a posting to the Bugtraq mailing list.