AOL Instant Messenger Vulnerabilities Shows Risks of Public IM Networks.

According to Omnipod, the leading ASP instant messaging (IM) platform for enterprises, the identification of a buffer overflow flaw in AOL’s AIM service earlier this week underscores the security risks companies face from the uncontrolled or rogue use of public IM services. According to AOL, the security hole can be exploited to take control of users’ PCs. The flaw leverages a weakness in the IM client, and a lack of security controls and monitoring in the AIM service. Although AOL has been aware of the security issue since July 12, the company did not notify its 36 million users until August 9. AOL has stated it will release an update to correct the issue before the week’s end.

‘Unlike public IM networks, all executable text on our IM network is immediately stripped via our proprietary technology, so users simply aren’t at risk from this type of threat,’ said Gideon Stein, CEO of Omnipod. ‘Our POD technology takes the best aspects of public networks’presence detection and instant access’and incorporates those into a highly-secure service for real-time communications.’

Engineered to prevent the security vulnerabilities common in consumer IM platforms, Omnipod’s private IM network prevents the security problems of public IM and file sharing offerings by combining strict administrative controls with 168-bit 3DES SSL encryption, protecting POD users from hackers as well as from the common viruses and worms that routinely infect consumer IM systems.

Concludes Stein, ‘We pose this question to all companies still communicating via Yahoo, AOL or MSN: If you aren’t using Hotmail, AOL or Yahoo for enterprise email, then why rely on them for real-time messaging?’

About Omnipod
Omnipod, Inc. was founded in 1999 to provide a secure, centrally controlled communications platform built on instant messaging technology. Omnipod’s Professional Online Desktop (POD) is designed for enterprise use and seamlessly integrates file sharing and transfer capabilities, as well as numerous other secure communications functions into a presence-based messaging infrastructure. The company’s platform is presently deployed with a number of organizations and Fortune 500 companies in a cross section of industries. Omnipod’s investors include Lexington Ventures, Mapleton Investments and private individuals.

Contact: Caroline Venza, Antenna Group (for Omnipod)