The battle between Microsoft and America Online over access to the latter's instant messaging system took a new turn Thursday, after an independent intrusion-detection and security company confirmed Microsoft accusations of a bug in AOL's code.
Network ICE has uncovered a buffer overflow bug within the latest coding of AOL Instant Messaging servers that would enable the systems to identify and block Microsoft users. Network ICE develops intrusion-detection applications to identify hacking attempts, including buffer overflow attacks.
"We logged into an AOL server using an AOL Messenger and did a capture of the traffic between a server and a client. During the log-in process I found what indeed was a buffer overflow exploit," said Robert Graham, Network ICE's chief technical officer. "We make a product that detects buffer overflow exploits, so we were looking into it anyway."
The bug does not attack Microsoft clients attempting to gain access to AOL Instant Messaging servers, but instead affects AOL clients. When an AOL client logs onto an Instant Messaging server, the client will actually send back too much information-like a buffer overflow exploit-therefore identifying Microsoft Messaging clients that do not send back this information excess.
"When an AOL client connects, [it] sends back more information than [the server] expects. The bug is in the AOL client, which is interesting," Graham said. "The buffer that they reserved was 256 bytes. For that buffer, what [the AOL client] sends is 256 bytes and then 24 bytes extra. They send 24 extra to overflow it."
The change of the AOL Instant Messaging server code to include the exploit is the latest in a series of attempts to keep Microsoft instant messaging systems out of the AOL domain.
Network ICE insists that it does not want to take sides between the two industry giants, but that it intends to protect its users from the AOL exploit being used surreptitiously by hackers. A hacker, according to Graham, could masquerade as the AOL exploit to gain access to systems.
"A hacker could interpose themselves between the AOL server and the client and then change the AOL overflow," Graham said. "My goal is not to say anything in the battle between Microsoft and AOL. My goal is to analyze what is going on on the wire."
Network ICE's BlackICE intrusion-detection application has been updated to allow for the AOL exploit, but to monitor for alterations to the original code, which might give away a hacker, according to Graham.
This story from Infoworld.com Copyright © 1999 InfoWorld Media Group, Inc.
RELATED LINKS
