Forgot your password?
typodupeerror
America Online Microsoft Businesses Communications

David Auerbach Explains the Inside Baseball of MSN Messenger vs. AIM 86

Posted by timothy
from the doesn't-seem-that-long-ago dept.
In N+1 magazine, David Auerbach explains what it was like in the "Chat Wars" of the late '90s, when he was the youngest person on the team developing Microsoft's brand-new messaging app, in the face of America Online's AIM, the 900-pound gorilla in the room. Auerbach explains how he used a network analyzer to fake out AOL's servers into letting Microsoft's client connect to AIM as well. "AOL could only block Messenger if they could figure out that the user was using Messenger and not AIM. As long as Messenger sent exactly the same protocol messages to the AOL servers, AOL wouldn’t be able to detect that Messenger was an impostor. So I took the AIM client and checked for differences in what it was sending, then changed our client to mimic it once again. They’d switch it up again; they knew their client, and they knew what it was coded to do and what obscure messages it would respond to in what ways. Every day it’d be something new. At one point they threw in a new protocol wrinkle but cleverly excepted users logging on from Microsoft headquarters, so that while all other Messenger users were getting an error message, we were sitting at Microsoft and not getting it. After an hour or two of scratching our heads, we figured it out." Eventually, though, AOL introduced x86 assembly code into the login protocol, and that not only stymied the MSM team, but led to some interesting warfare of its own. Auerbach's story sheds a lot of light on both good and bad aspects of corporate culture at the start of the 21st century, at Microsoft as well as other companies.
This discussion has been archived. No new comments can be posted.

David Auerbach Explains the Inside Baseball of MSN Messenger vs. AIM

Comments Filter:
  • by 140Mandak262Jamuna (970587) on Tuesday April 22, 2014 @11:44AM (#46815569) Journal
    The AOL coders did not try to incorporate a challenge and response system based on public/private keys. Or use some sort of digital signature in their clients to authenticate themselves as the "true build" from AOL. Not surprised. After all they wrote AOL.
  • by Anonymous Coward on Tuesday April 22, 2014 @11:53AM (#46815649)

    And the world is better off for it.

  • by Minwee (522556) <dcr@neverwhen.org> on Tuesday April 22, 2014 @11:58AM (#46815703) Homepage

    But AOL’s client had a security bug in it, called a buffer overflow. [...] AOL knew about this bug in their program and now they were exploiting it! That was what all those double zeros were for—they were just filling up space in the program’s buffer until they hit the end of the AOL client’s buffer and started overwriting executable code with the remainder of the protocol message. AOL was causing the client to look up a particular address in memory and send it back to the server.

    There's something that you could always count on AOL for -- Respect for the users. Most companies, when faced with a trivially exploitable buffer overflow that could cause their chat client to execute arbitrary code would classify it as a bug and feel compelled to fix it, but that's not the AOL way. Instead they changed it from a bug to a feature which enhanced security by verifying the client's identity.

    And if somewhere along the way someone else used it to own an army of AOL-zombie PCs, then that's just the price you pay. You can't make an omelette without breaking a few arms.

  • by gstoddart (321705) on Tuesday April 22, 2014 @11:59AM (#46815711) Homepage

    Not surprised. After all they wrote AOL.

    Well, there was a time when someone believed AOL was worth enough to buy Time Warner with just stock.

    Good times ... an era with some of the most graphic examples of the stock market losing track of how money and value actually works.

    That more or less convinced me right then and there it was all a fairy tale, and the ABCP-caused meltdown of '08 has only reinforced that.

    Let's face it, the stock market is a big Ponzi scheme which is often completely detached from reality.

    Convince enough people that it makes sense for a company to be trading at a value equal to 100 years worth of income, or that junk debt is AAA rated ... and you can scoop up lots of money too.

  • by ptaff (165113) on Tuesday April 22, 2014 @12:53PM (#46816157) Homepage

    Yeah, those long forgotten chat-silo days when you needed an ICQ account, an AIM account, a MSN account, a Yahoo account to reach all your friends... fortunately XMPP/Jabber would solve all of this, and even Google would embrace the open standard with their new GTalk.

    Oh! wait... it was a bait and switch [slashdot.org].

    Don't be evil does not mean be good.

  • by Dcnjoe60 (682885) on Tuesday April 22, 2014 @02:37PM (#46817069)

    Well, when MS was presented with a closed, proprietary format, their solution was to reverse engineer it and admitting what a burden that was and how it hindered interoperability. Maybe they should re-evaluate their position on the Microsoft Office formats.

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...