Brigham Young University

Brigham Young University - Idaho

January 8, 2002

USU student discovers glitch in Instant Messenger software

LOGAN, Utah (AP) — From his bedroom computer, 19-year-old Matt Conover can perform wonders or wreak havoc.

The Utah State University student insists he is an Internet security expert, not an underground hacker. Nevertheless, he spooked one of the world's largest media giants earlier this week with just a little brains and his desktop computer.

He leads an international team of what he calls “Internet security professional” that discovered a security leak in one of the most popular Internet applications in history — America Online's Instant Messenger. He then created a software program to exploit the vulnerability and posted it on his team's Web site.

Providing a tool for computer evildoers was not Conover's intent, he says. Rather, he wanted to alert AOL Time Warner to a serious problem. The glitch in its Instant Messenger software had the potential to let unwanted hackers into a user's computer to steal files or send unwanted e-mails.

“When I first did this, I intended it really for the Internet security industry,” Conover said. “When I released this, I didn't expect it to reach the general population and create this hysteria.”

News of what the teen did spread across the country in less than a day. AOL Time Warner, whose Instant Messenger is registered to more than 100 million users, jumped on the leak and fixed it by Thursday morning.

“The crisis was resolved on our servers, and we don't believe that anyone was affected by this” AOL's Andrew Weinstein said Thursday.

Conover's stunt landed him in newspapers and on radio stations as far away as Miami and Washington, D.C. And in the process, he got a lesson in the far-reaching scope of the Internet and how one person with a computer has the potential to create universal confusion.

He also illuminated a debate that has been raging between Internet security experts on whether the public at large should be told when their software is vulnerable to hacker attacks.

All material posted on Scroll eNews is property of BYU-Idaho Scroll.
Contact scrollinternet@byui.edu with comments or problems.