This preview shows page 1. Sign up to view the full content.
Unformatted text preview: e else’s. The AOL exploit code sampled a small number of locations in the memory image of the client, packed them into a network packet, and sent them back to the server. If the server did not receive such a packet, or if the packet it received did not match the expected “footprint” of the AOL client, then the server assumed the client was not an AOL client and denied it access. So if other IM clients, such as Microsoft’s, wanted access to the AOL IM servers, they would not only have to incorporate the buffer overﬂow bug that existed in AOL’s clients, but they would also have to have identical binary code and data in the appropriate memory locations. But as soon as they matched these locations and distributed new versions of their client programs to customers, AOL could simply change its exploit code to sample different locations in the client’s memory image. This was clearly a war that the non-AOL clients could never win! The entire episode had a number of unusuals twists and turns. Information ab...
View Full Document
- Spring '10
- The American