Security comprimised at AOL again
The newest exploit allowed a hacker to get full access to Merlin which is AOL's users database. Merlin currently lies on AOL's internal network but the expoilt would allow you access.The hack involves tricking an AOL employee into accepting a file using Instant Messenger or uploading a Trojan horse to an AOL file library. When the file is executed, the Trojan horse connects the user who launched it to an Internet relay chat server, which the hacker can use to issue commands on the targeted machine. This allows the hacker to enter the internal AOL network and the Merlin application. Merlin requires a user ID, two passwords and a SecurID code, all of which hackers obtain by spamming the AOL employee database with phony security updates, through online password trades, or by "social engineering" attacks over IM or the telephone. The hacker who first used this exploit is said to be a 14-year-old boy. Story ripperd from here.