Security Flaw Found In Trillian IM Client

The popular Trillian instant-messaging client contains a security flaw that could allow a hacker to gain control of a person’s computer, a software company said Friday.

To take advantage of the vulnerability, the hacker would have to use an advanced technique called DNS cache poisoning, which redirects PC users from real sites to spoofed copies, said Matt Hargett, director of development for Pittspurgh, Pa.-based, LogicLibrary Inc. The tactic involves a hacker first compromising a DNS server, which is used on the web to direct computers to websites.

Once Trillian, which is made by Cerulean Studios in Connecticut, is directed to a spoofed server, a hacker could upload malware by overflowing the software’s buffer, or temporary storage area, with data containing executable code. Overflowing the buffer fools the software into running the code.

The damage to an infected PC could range from an annoying program crash to a hacker gaining control of the machine, Hargett said. Such an attack is particularly nasty because the user is unaware that his computer is being hijacked.

Read the complete story @ TechWeb News

Related Posts

1. MSN Messenger network to kick off third party applications (as Trillian) by Oct. 15.
2. A Browser Flaw a Day Keeps Hackers at Play
3. Kazaa Security Flaw
4. Firefox a “complete security mess”
5. Ex-Microsoft Security Strategist Joins Mozilla