IM client vulnerable to attack

Hennessy has published a proof-of-concept showing the latest version of Trillian, v0.73, is vulnerable to a buffer-overflow attack that will allow individuals with malicious intent to run any program on the computer.

Trillion is a piece of software that allows you to connect to ICQ, AOL Instant Messenger, MSN Messenger, Yahoo Messenger and IRC with a single interface, despite some companies actively avoiding messenger interoperability.

According to Jason Ross, senior analyst at amr interactive, in June 2002 there were 28,000 home users of Trillian in Australia, about 0.4 percent of the Internet population, and 55,000 people using it at work, about 1.8 percent of the Internet population.

David Banes, regional manager of Symantec security response, told ZDNet Australia the code appeared to be valid.

-With these sort of things you have to find some process that would accept a connection, then throw loads of random data at it and get it to crash," he said. -Once it's crashed, you can try to find a way to exploit it."

He said the proof-of-concept that was published is designed to run on Notepad, but could be easily modified to run any program on the system. He said the problem was easy to fix by -writing protective code around that particular piece to more closely validate the data around that piece".

-Because people are pushed for productivity you tend to leave out the checks and balances you should put in, which is why we have all these buffer overflows and exploits out there now," said Banes.

Cerulean Studios, creator of Trillian, was contacted for comment but had not responded by the time of publication.

• Related stories

• Alerts

Add your opinion

This is total FUD, has no tech ...Anonymous -- 24/08/02

This is total FUD, has no technical backing, and the author even misspelled the name of the product.

• Reply to comment
• Reply to story
• Report offensive content

Just wondering if Cerulean Stu ...Anonymous -- 25/08/02

Just wondering if Cerulean Studios has yet to comment on this? It seems that they are being extremely quiet about it. Even within the Trillian community message boards each of the threads that address this issue have been locked. It seems that some members are so devoted/addicted to the boards that they attack even the slightest suggestion that Trillian isn't perfect. The threads containing such flames are then locked understandably but still other threads that raise the security issue question are locked even though they are without flaming content.

• Reply to comment
• Reply to story
• Report offensive content

hey, just read this artical an ...Anonymous -- 25/08/02

hey, just read this artical and im a frequent user of trillian. After reading and thinking about your piece i just wanted to clear a few things up
1) you SERIOUSLY underestimate the population of the internet. You think 55,000 is 1.8% of pop? That comes out to around 3 million users, you can try multiplying that number by about 50, and mabey we might have a general feel.

2) you say 80-90 thousand users on trillian home/work, lets see.. well over 5 million have downloaded trillian, even if that number were halfed twice due to second downloads your still your still way way way off.
3) "find some process that would accept a connection" Wow.. did you figure that out by yourself? I guess no one should use any program that connects online ever again for fear of somone who MIGHT find a way to get access to another machine through "some mysteryious" method.In the end your finding means nothing because anyone who has trillian, probably also has figured out how to use a firewall.

please think before pointings fingers and shouting wolf, rumours hurt, didn't we learn this in grade 1?

• Reply to comment
• Reply to story
• Report offensive content

He means the internet populati ...Anonymous -- 25/08/02

He means the internet population of AUSTRALIA and the trillian users in AUSTRALIA you idiot!

"logical thinker" MY ****

• Reply to comment
• Reply to story
• Report offensive content

Geez I use Trillian all the t ...Daz Al -- 27/08/02

Geez
I use Trillian all the time. Do I worry about being hacked ? no not really. There is hardly anything on my box worth other ppl time. Besides if I really need something done I use Linux. Trillian is a great piece of software and kudos to all who develop it.
ZDNet used to be (pun intended here) a good soruce of info however for the last 2 years the website has gone down hill ( and a very steep hill to boot). FUD FUD FUD all the way.

• Reply to comment
• Reply to story
• Report offensive content

Thanks a whole lot for publish ...Søren -- 27/08/02

Thanks a whole lot for publishing this!
Now anyone can hack my computer, thanks.

If you had just notified the Trillian people, let them make a patch and THEN PUBLISHED THE INFORMATION, I would still be vulnerable until the fix came, but not a likely target.

Provided that this is a genuine security breach (has anyone tested it?), this stupid guy just opened a brave new world for hackers (I know it's not the first IM to be vulnerable, but still).

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials