COMMAND

    Aol Instant Mess

SYSTEMS AFFECTED

    AIM 2.0

PROBLEM

    a|chEmist found  following.   In the  newest version  of AIM  (AOL
    Instant Messenger)  there is  a way  to transfer  files.  When you
    are transferring the file, you can open a DOS prompt and type:

        netstat -a -n

    By doing  this you  (obviously) can  get the  person's IP address.
    Usually it will be on port 5190.  This may seem pointless  because
    usually not much can be done with simply an IP address, but  under
    certain circumstances this can be  useful.  The reason this  is an
    issue is because  until now AIM  was anonymous in  as much as  the
    client   IP   was   never   disclosed   to   other  clients.   All
    communication  between  clients   in  AIM  was   handled  via   an
    intermediary server.  This breaks that anonymity which is a shame.
    Anyone who is  been on IRC  can attest to  the harassment one  can
    come under by someone else just by them knowing your IP address.

SOLUTION

    Nothing yet.