Yahoo Messenger Flaw Highlights IM Security Issues

By NewsFactor Network | December 15, 2006

A glitch in Yahoo’s instant-messaging program has prompted the company to issue a patch for what experts have called a “highly critical” flaw.

According to a statement posted on Yahoo’s Web site, the flaw lets malicious hackers cause a buffer overflow in users’ computers. A buffer overflow is a common hack attack in which a program attempts to store too much data in the space allotted for it, causing the system to spin out of control and crash.

The Messenger overflow is accomplished by means of ActiveX, a set of Microsoft components used to enhance the features of Internet software.

If struck by the buffer overflow, users could be forcibly logged out of Messenger, or even see Internet Explorer and other software crash. While less likely, the Messenger flaw could be used to remotely plant malicious software on a user’s computer, which in turn would allow a hacker to hijack it.

IM in the Enterprise

Yahoo’s Messenger is used largely by consumers, and competes with AOL’s AIM and Microsoft’s Windows Live Messenger, among others. But even consumer instant-messaging software has seeped into the enterprise, giving I.T. departments and threat-detection experts no small number of headaches.

“In the past year, the way that large companies think about IM has changed, in the sense that it’s no longer that small groups of users can do it and be ignored by I.T.,” said Mark Levitt, program vice president for collaborative computing and the enterprise workplace at research firm IDC.

“Instead of having people just rely on Yahoo, Google, ICQ, and others, they’re increasingly deploying Microsoft’s Live Communications Server” and other business-grade IM systems, he added, to regulate and protect the way that employees use instant messaging.

Three Drivers

As with e-mail, IM has led companies to worry about the influx of virus attacks, Trojans, and other malware, not to mention the…

Bookmark and Share :-)