IoT
News
News
3/25/2005
06:06 PM
50%
50%

Security Flaw Found In Trillian IM Client

The popular Trillian instant-messaging client contains a security flaw that could allow a hacker to gain control of a person's computer.

The popular Trillian instant-messaging client contains a security flaw that could allow a hacker to gain control of a person's computer, a software company said Friday.

To take advantage of the vulnerability, the hacker would have to use an advanced technique called DNS cache poisoning, which redirects PC users from real sites to spoofed copies, said Matt Hargett, director of development for Pittspurgh, Pa.-based, LogicLibrary Inc. The tactic involves a hacker first compromising a DNS server, which is used on the web to direct computers to websites.

Once Trillian, which is made by Cerulean Studios in Connecticut, is directed to a spoofed server, a hacker could upload malware by overflowing the software's buffer, or temporary storage area, with data containing executable code. Overflowing the buffer fools the software into running the code.

The damage to an infected PC could range from an annoying program crash to a hacker gaining control of the machine, Hargett said. Such an attack is particularly nasty because the user is unaware that his computer is being hijacked.

"You're not doing anything wrong," Hargett said. "You're just starting up Trillian, and thinking its going to an (IM) server."

A patch for the vulnerability was not available on Cerulean Studio's website on Friday.

Trillian, which is available at no charge, lets people access several instant messaging services simultaneously, such as those from America Online Inc., Yahoo Inc. and Microsoft Corp. The software is currently in version 3.1.

LogicLibrary makes software tools used to spot vulnerabilities in applications during the development process.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.