Software Firm: Dangerous Security Flaw in Trillian
CYBERSPACE – A reported flaw in a popular instant message (IM) client has security experts concerned that some of its users might be open to a sophisticated hacker attack. Trillian, produced by Cerulean Studios, is a widely-used IM client that brings several instant messaging systems together under one application and one interface. LogicLibrary, a company that makes software development tools, is warning that a design flaw in Trillian could allow hackers to gain complete control over the operating system of a Trillian user.
Cerulean CEO Scott Werndorfer said the reported vulnerability in Trillian is “extremely low risk.” The company warned users to be cautious about any communications or data transfers with unknown individuals.
According to LogicLibrary, it first reported the vulnerability to Cerulean back in 2003; however, the flaw seems to have been carried over into the latest release of Trillian, which is version 3.1.
“In order to build trust and confidence in the quality of today’s software, LogicLibrary believes it’s crucial that vendors work closely together to fix problems and provide the public with as much information as possible,” said LogicLibrary general manager Ralph Massaro.
There have not yet been any reports of the vulnerability being exploited by hackers, and Cerulean has announced work on an update to fix the flaw.
Trillian users are advised to update their software to the current 3.1 version and, if possible, avoid using the Yahoo IM portion of the program until Cerulean issues another update.
IM clients have come under increasing security scrutiny in recent weeks following a clever phishing attack involving Yahoo’s IM client. The attack led unsuspecting Yahoo IM users to a webpage designed to look like an official Yahoo company page; users who attempted to “log in” to their Yahoo accounts unwittingly gave their username and password to criminals.
Some security experts have argued that IM hacker attacks are just getting started, and they expect IM clients to be targeted more frequently by hackers in the future.