Core Components

One of my favorite quotes about the future comes from William Gibson: “The future is here, it’s just not evenly distributed yet.” Based on this, it is relatively easy to make future predictions by looking at some of the core things that are happening today.

Some of the trends I’m starting to look at in terms of defining how the next generation will work include

• The rise of always-on high-speed internet connections
• The IPzation of everything
• The drop in the price of real-world sensors
• The rise of participatory applications

Looking at each of the components individually, it is hard to form a picture of where the world is going. However, looking at them together and how they interact, a picture starts to form.

A seismic generational shift

We are now starting to reach the tipping point in what will be a major generational shift. Over the next few years, people who were born in the Internet era (ie. after the Internet became commonplace) will start entering the workforce. In a way, my generation (I’m 35) was too old to be part of this shift. Younger people, however, are used to a word where IM, email, SMS, and always-on communication is an inalienable right.

I believe this will force companies to start dropping restrictions on such uses of the network. Already, we are seeing more corporations adopt Instant Messaging (IM) as an approved form of communication (primarily for corporations with widely distributed workforce) to tag along with email, which has now become a de-facto in business. IM has changed some of the factors inherent to communication in the past: traditionally, communication between members of a distributed workforce was slow and relatively inefficient (yes, even Email had some inefficiencies in terms of productivity.) As things like IM, video IM, and shared applications over IM, take hold, workers can now have meetings with faraway places in the same fashion as they used to with their co-workers in a similar physical setting.

As those physical boundaries start to drop, what’s happening is also a rethinking of how teams are organized (with a growing emphasis on distributed virtual teams) and where people have to be to work (it doesn’t matter as much any more). Some smaller start-ups even forego the idea of having much of a physical location (for example, WeblogInc, which my friend Jason Calacanis sold to AOL last year, had no physical office prior to the sale).

RSS, while still nascent, is also starting to take hold in companies. As it becomes more and more of the way data is exchanged, RSS will start replacing other methods of giving updates. With the pervasiness of RSS as a delivery envelope (and, since it supports enclosures, RSS can deliver any type of data), the way sites are authored in the future will be not through a centralized approach (as is the current model, with a web server being connected in a one to one relationship with a data storage piece like a database) but through a decentralized model where specialized sites will offer narrowly focused types of services that will then be aggregated on a page. The early indications of this shift can be seen in the “mashups” of sites like Google Map and craigslist, for example and I believe the next generation of people entering the workforce will demand such freedom to recombine systems in the future. Along with the recombination of applications, they will also demand that such flexibility exist in the way they work and we will see the rise of a more modular and flexible workforce, with virtual teams replacing the more rigid structures that currently exist in corporations.

This is the first article in a 6 part series. You can read the following parts here:

• Part 1: Intro
• Part 2: Always on
• Part 3: IPzation
• Part 4: Sensors
• Part 5: Participatory Applications
• Part 6: Conclusion

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title Future Tense — Intro. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

Before moving on, let me state that I do not consider myself an expert on that many subject. For example, I can probably talk about the intricacies of XHTML and WAI but I do not consider myself an expert in those areas as far as I see it: I do understand the specifications, do know how to implement them, and know what most hardcore geeks would know about them. Because of the people I surround myself with (my social network (more on that later)), I consider myself literate in the subject but would defer to other people if looking for true expertise.

What’s expertise?

Dictionary.com says that an an expert is

A person with a high degree of skill in or knowledge of a certain subject

. Under that definition, an expert could generally be seen as someone who knows more than the average person about a particular subject. So, in order to be an expert, one has to be on top of a subject and, if that subject evolves, on top of changes in that field or subject. Such a definition seems to point to the need for proper information gathering and the creation of a continuous loop to keep on top of data. So the question then becomes “How do you get information about different subjects and stay on top of latest developments in those subject areas?”. To answer this, one must analyze the patterns of information he/she processes and define sources.

Information gathering

On a day to day basis, we are receptors for a lot of information. For example, I get my pointers from print publications, radio, books, weblogs, news sites, email lists, personal email messages, and RSS feed on a daily basis. I rarely watch television as the broadcast model is one that often disturb me (it does too in terms of radio) because it requires that I be in a particular location at a particular time in order to catch a program. PVR system like Tivo are interesting in that they allow for some level of time-shifting but I’m finding that as far as return on time investment, video does little compared to text. As a result, I am living in a world where text is king, mostly coming to me in the form of digital bits going through my browser.

My information tools are relatively simple:

• Email: I use several email clients throughout my day, ranging from browser-based clients like the one offered by Spamcop to the one available on my Treo, to the one available on my computers. Important to me in terms of email is the ability to sort messages by threads so I can follow the progression of discussions at a glance, a very useful feature if you are dealing with several hundred pieces of email daily.
• Aggregator: For the longest time, I went back and forth on RSS aggregators as I find most of them to be lacking in some way or other. Most of my problem arose from the simple concept of synchronizing data. Tools like Radio Userland and Net News Wire are great if you are using a single computing device throughout the day but fail if you are switching back and forth between multiple ones. As a result, I’ve now settled on Bloglines, a great web-based aggregator that allows me to keep all my feeds organized in different folders and keeps me up on changes across all of the feed. This has been a huge time-saver, probably cutting 3–4 hours out of my daily routine of looking for new information.
• Instant Messaging: I have yet to find a solution that actually works well in terms of instant messaging as I have problems finding a solution that could work on my work computer, home computer, and mobile device (yes, my Treo is part of what I consider the information universe I live in). What I would look for is something that would allow me to recall any conversation I’ve had in IM and search all that data. For now, I still consider IM to be a black hole in my information universe.

Those tools, however, form the basis of what I call the information universe. They are, if you want, the plumbing that allows me to get my info.

Social Networks and Expertise

Step two in analyzing my information diet is to figure out what the sources are. The tools I listed above are great in an of themselves but completely useless if no traffic goes into them. This is where social networks tie in. Over the years, I’ve been lucky enough to meet a number of very smart people at different Internet conferences. Those people now represent the first rung on my social network when it comes to technology. Talking with them over email and IM, I can now get a good idea as to what they are up to, what they consider important, and what they see as issues coming up over the horizons. Weblogs, however, are going one step further, allowing me in some way to extend my social network.

Blogs and expertise

Because blogs are largely based on conversations, they increase the level of interactivity one has with interesting people. Using the plumbing provided by RSS (Thanks to the efforts of people like Dave Winer), one can get a good idea as to what’s going on in the blogosphere. With services like Technorati, people can track who is hot in the blogosphere. With services like Blogdex,Daypop, and Popdex, one can track what is hot in the blogosphere.

What those services allow you to do is basically mine the collective minds of thousands of bloggers and, much in the same way Google has used PageRank to figure what were the best URLs for a given keywords or set of keywords are, figuring out what people are talking about. While Clay Shirky may argue that the power laws distort those results, one could argue that looking at the sourcing of links is often as interesting as looking at what links are pointed to. From there, one can find some interesting commentary. Because of the ease of use of RSS aggregators, one can then try out a new commentator for a few hours, days, weeks and then decide whether that person is worth following.

So what does this have to do with expertise, you might start asking. Well, for starters, I’ve gone through and identified a few people who are considered interesting by the blog world (ie. the blogerati). Those people in turns can turn you on to other people who cover similar topics. For example, a big thing in the blog space is political blogs. I personally don’t care that much for them so those blogs are not among the ones I read. However, I do read a fair amount about technical issues and some of the people I read do speak about the intersection of politics and technology, a subject that does interest me. Over time, I have developed a list of bloggers I do read frequently, people whom I trust as experts on a particular subject. For example, I read Adrian Holovaty’s blog to get a better idea of what good newspaper sites are doing, and I read Alan Reiter’s blog to get info on development in wireless. Because of reading those two blogs, my knowledge on two very narrow fields is increased. And because I use an aggregator, I get notified only when changes are happening to their sites.

Blogs and new experts

Similarly, when a new subject crops up, I first do a Google search but, more and more often, I now also do a Feedster search in an attempt to get more context. The secret sauce in all of this is RSS, a small easy to use protocol that sits at the core of the weblog world. Where it not for this tool, I would still have to visit sites one by one and go through thousands of Google pages to find the proper page. Because blogs are based largely on linking and commenting on links, the blog worlds provides me with some context about a particular link. This, in turns, allows me to more quickly grasps new concepts.

I am not alone in this. This kind of concept sits at the core of what the blog world is about. Because blogs generate conversation amongst bloggers, pockets of expertise are arising. The mass media are now being surprised by the rise of people who are moving from blogs to mainstream media but shouldn’t be. After all, the deep secret of many in traditional media is that expertise is something that one acquires over time by covering a particular subject. The links one makes with sources are established by doing story after story in a particular area of expertise. That’s exactly what bloggers are now doing and that is why blogs are representing such a revolutionary thing in information dispersal and in expertise building.

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title Blogs and Expertise. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

IM

: One of the conditions for the AOL/Time Warner merger was that AOL open its instant messaging platform to other parties. By agreeing to interoperability between the AOL IM client and MSN messenger one, AOL will now be able to point to its “openness” while maintaining a relatively tight control over the progress of that tool. I am sure the two companies are interested in working together and somehow doubt that they will be very interested in opening the world to other competitors.

At the current time, IM has taken the consumer world by storm and is starting to make headway in the enterprise. Because of its presence concept (you can see whether the people on your buddy list are online right now or not), it will eventually become a critical tool in the enterprise, moving some data traffic from the phone and email to this new platform. Already today, enterprises that have implemented IM solutions are seeing large amounts of traffic on those networks as employees send the shorter requests via this tool. Enhancements in the collaboration aspect of those tools make them perfect to be used for setting up online discussions and document sharing. I suspect that, because AOL is forbidden from adding new features to its IM platform until it has shown to be more open, we will see the company point to Microsoft and get a free pass in terms of adding new features. This will be good for AOL because it will allow to enhance its enterprise offerings. It will also be good for Microsoft, as it will probably be able to increase its footprint into that space.

Long term, I would expect most of the development of this eventually ending on Microsoft’s lap, with AOL doing an asset transfer of its software division to Microsoft.

Digital Media

: Part of the deal includes a non-exclusive agreement for AOL to use the Microsoft Windows Media 9 software suite. Once again, this is good for both companies and bad for every single one of their competitors.

AOL will benefit from the lower cost of software acquisition moving forward. As it looks to move more into fee-based digital media services (with words that it could offer TV shows, music, movies, etc… from its vast assets collection) the company will make more substantial investments into those kinds of technologies. Since this is a partnership, I suspect the products will be heavily discounted.

Microsoft wins in that, if AOL, with its fairly large customer base, start offering more services running on Windows Media 9, it will make it easier for Microsoft to go after other media player and present its installed player footprint as a competitive advantage. The story will go as follows: use Windows Media 9 server and you will not have to worry about your customers having to download extra software. Of course, Windows Media servers will continue to run on the Windows operating system, which should increase sales in that market and protect Microsoft to some extent from the Linux onslaught.

Another important part of this portion of the agreement is that it will allow the two companies to set standards for digital rights management. DRM is basically covering how to ensure that copyrights and purchase rights are assessed on digital media. What this means is that a DRM system basically encodes a piece of digital media (whether it is a movie, music track or piece of software) to include information about what you purchased and how you are allowed to use it. For example, the Apple Music store currently sells music tracks that you are allowed to use on only three computers. Because AOL is one of the largest producer in the world of such media, and Microsoft regards this software area as a very lucrative market in the future, the partnership will give both players a substantial amount of power in shaping the future of digital media.

AOL wins in that it gets someone to do the heavy lifting on the software side to tighten up control of digital media. Microsoft wins in that it gets a better understanding of what large media companies will want and builds a solution it can then resell to other companies. Once again, this is also a good argument for furthering the number of implementations of windows servers as I suspect that Microsoft will strongly recommend media companies use their platform to handle this.

Browsers

: By now, the browser wars are, at best, a distant memory. While a few holdouts do not use Internet Explorer and considerable development and innovation is still happening by makers of non-IE browsers, the market for alternative browsers is relatively small. At last count, IE was controlling over 85% of the global market. The only bright spot in that market was a browser named Mozilla, an open source project for which Netscape, a subsidiary of AOL, was the largest contributor. Because of the bad blood between America Online and Microsoft, there were a lot of rumors about AOL implementing Mozilla as the core browser in its flagship client (it has already done so on the Macintosh computer). With the announcement that AOL will get a seven year royalties free license for Internet Explorer, it seems pretty apparent that support for Mozilla from the AOL camp will probably wane. The long term outlook for the Netscape unit does not look very bright, even if the AOL chairman said that they were not closing the unit for now.

Politics

: This announcement also shows some interesting development in internal politics within the two companies.

In the mid-90s, Microsoft was starting to move more into the general media space. With this agreement, Microsoft signals the completion of a shift back to its software roots. It is probably a realization that there is still a lot of growth in that arena and that it doesn’t make sense from their standpoint to try to get into the media world by acquiring and/or building media assets.

On the AOL/Time-Warner front, this announcement shows a clear power shift in who controls the company. The power is now in Time-Warner hands, with any concept of competing with Microsoft on the software end now a distant memory. Time-Warner understands media and figures that it is better to rely on an outside party to deal with the software side of the business than to try to develop things themselves.

I am sure I’m missing a few things but I expect this story to continue unfolding and having repercussions across the whole Internet space.

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title AOL-Microsoft Settlement: The Future. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

While it currently carries a non-destructive payload, some Anti Virus developers are worried that its plug-in architecture could turn it into a much more dangerous virus, opening backdoors in computer systems and escalating the war between virus makers and anti-virus developers.

First discovered in South America by Kapersky Labs, a Russian anti-virus developer, the worm has spread through email to Europe and the United States at an increasing pace.

“Hybris is one of the more common virus we’re seeing right now,” said Brian Kinj, a member of the technical staff at the CERT coordination center.

Because it carries a non-destructive payload, the anti-virus community has been split over the threat level the virus represents. In the United States, the Joint Task Force Computer Network Defense, a division of the US department of defense, has upgraded the virus to a high-risk status. Meanwhile, European virus tracker Peter Kruse, of virus112.com, has announced on Usenet that his company was upgrading the virus threat to a medium risk status, due to the recent spread of the virus in Europe.

Companies like Symantec and Sophos, however, have given the virus a low risk status since it is carrying a non-destructive payload. McAfee, on the other hand has upgraded the virus to a medium risk status based on “its prevalence and commonality.”

In its original version, the virus was spreading as an email attachment but recent reports indicate that it can also propagate itself using ICQ, an instant messaging platform used by over 30 million people. It infects WSOCK32.DLL so it can control the internet connection and intercept email addresses of incoming messages using a method similar to that of the MTX virus. Once it has obtained an address, the virus automatically sends itself to the next computer.

The virus can also modify the winsock DLL if it has been write-protected. What the virus does in this case is make a copy of wsock32.dll, infects the copy and then writes the name of the infected copy in WINIT.INI, therefore replacing wsock32 with an infected version the next time the system is rebooted. The virus also makes a copy of itself with a random name and creates an entry in the Run_Once windows registry key, ensuring that it can recopy itself if erased.

Its originality, however, lies in its plug-in architecture. Using this new model, the virus can connect to either to the alt.comp.virus Usenet newsgroup or to a series of web sites and download new updates, in a way similar to trojan horse programs. By upgrading this component the author is able to completely change the appearance of the worm in unpredictable ways in an attempt to defeat anti-virus products detecting it. Not only is the virus payload updatable but so are the methods for updating in that they are also upgradeable components. To date, all the plug-ins included in the virus have been using a very strong encryption algorithm.

One of the components of the virus searches the PC for .ZIP and .RAR archive files. When it find one, it searches inside it for a .EXE file, which it renames to .EX$, and then adds a copy of itself to the archive using the original filename.

Another component takes the infected files on your system and uploads them to the alt.comp.virus newsgroup. That component also grabs email addresses from newsgroups the user is subscribed to and sends itself to those email addresses. Over the past few weeks, this seems to have increasingly become the way by which the virus is propagating.

The only existing danger is a payload component, which on the 24th of September of any year, or at 1 minute to the hour at any day in the year 2001, displays a large animated spiral in the middle of the screen which is difficult to close. Due to the fact that most of the plug-ins are non destructive, anti-virus companies see Hybris as a low to medium risk virus.

Given its ability to become malicious, it’s up there but there are more malicious viruses out there said Jeremy Pacquette, vulnerability analyst for securityfocus.com. However, writing code like this is probably more challenging than writing code to stop it.

As medium risks go this is on the higher end of the spectrum, said Patrick Nolan, virus researcher for McAffee.

It illustrates that virus writers are not lazy that a few of them have taken it upon themselves certain skills in order to enhance the cat and mouse games they’re playing with virus software.

Apart from the standard practice of updating your virus file on a daily or weekly basis, Pacquette also recommends that IT manager educate their users about safe ex, the practice of being careful about who you communicate with and not opening plug-ins coming from unfamiliar sources. Kinj added that system administrators should consider installing a centralized email filtering system to protect their users. Nolan adds that people who share their hard drive either through a cable modem, a DSL line or a direct connection to the Internet should password protect that share to ensure that it doesn’t get accessed by the virus writers.

Kaspersky warns that the replacement of certain components could turn it from harmless to hazardous. What we have here is perhaps the most complex and refined malicious code in the history of virus writing, said Eugene Kaspersky, Head of Kapersky Labs’ Anti-Virus Research Center, in a statement on the company’s site. It is defined by an extremely complex style of programming and all the plugins are encrypted with very strong RSA 128-bit crypto-algorithm key. The components themselves give the virus writer the possibility to modify his creation “in real time,” and in fact allow him to control infected computers worldwide.

Those plugins are possibly encrypted with a PGP key or similar scheme used by virus writers, adds Nolan.

The architecture of the plug in approach is interesting and it makes it achievable for a programmer to turn it into a dangerous virus said Pacquette. New threats like this are going to promote changes in the work to fight viruses. These kinds of threats are an evolutionary pressure on AV technology.

However, Kinj said that once a virus has been discovered and analyzed, those sources are disabled and that limits the impact of the virus. Nolan adds that the plug-ins can’t work without the base executable and we now know how to stop the base executable file.

On the other hand, the morphing nature of the virus could spawn several new versions. Already, older anti-virus can’t recognize Hybris because it evades CRC checks. When you’re dealing with something that changes, you can’t use CRC checks but our algorithms go beyond that and can identify threats like Hybris based on other factors said Nolan.

According to warnings on the web sites of several anti-virus developers, the infected message reads:

Today, Snowhite was turning 18.

The 7 Dwarfs always where very educated and polite with
Snowhite. When they go out work at mornign, they promissed
a *huge* surprise.

Snowhite was anxious.

Suddlently, the door open, and the Seven Dwarfs enter…

and has been spotted as coming from the address hahaha@sexyfun.net. New variants are also sending emails with no subject and no user name but including attachments carrying Hybris.

The virus only attacks windows-based systems and most anti virus packages have released a patch to their software to deal with it. Pami Katcho, spokesperson for Microsoft, said that Microsoft is not currently planning to release a fix, but that users should download the latest virus definitions from their AV vendor.

Sources in both the virus and anti-virus community have confirmed that the virus has emerged from Brazil. It’s a cousin of Babylonia, which was touted as the first of its kind in 1999, and it looks like it was written by the same author, said Nolan.

As to whether Hybris is the beginning of a new trend, there is some disagreement. It’s more a proof of concept than anything, says Nolan. It’s phase 2 of the existing technology and has the potential to really be something else. System administrators should not be overly concerned about it right now. I doubt there will be a phase 3 because the writer has proven his point. But in virus writing circles, Hybris is providing a roadmap. This is a great tool to learn new ways to propagate a payload, said a virus writer who prefers to be unidentified. New variants of this will come out and I think that within 6 months, Hybris and its kids could be the most widespread trojans making the rounds.

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title New Virus Evolves. You can follow him on twitter here or receive his weekly newsletter by subscribing here.

The AIM client allows any users on the Internet to create a “buddy list” and carry on text-based chat with other people on their buddy list. With 27 million AOL users and 21 million registered AIM users, America Online has become the leading provider of instant messaging software, dwarfing its competitors in terms of user base. According to MediaMetrix, Yahoo Messenger is the second most popular instant messaging client, with 10.6 million users, followed by Microsoft’ MSN Messenger, with 10.3 million registered users.

AOL has aggressively promoted its AIM messaging platform as a corporate tool, cutting deals with Novell and Lotus to incorporate it in their offerings. However, its focus on security issues has not been as strong as its marketing. In the past AOL has covered up security breaches instead of being forthcoming about them, said Dave Cassel, editor of the AOL Watch Newsletter, an email mailing list sent out to 50,000 subscribers.

Two areas in which AIM security has already been compromised are password theft and buffer overflow, a way for hackers to remotely crash a computer system by sending a certain set of characters to an AIM client. Furthering the problem is the fact that the client does not need to be running at the time in order to be exploited. Simply installing it on a machine is enough to expose it to the buffer overflow problem.

In January 2000, hackers were coming to the press with that problem because they wanted the buffer overflow security hole closed, said Cassel. But AOL didn’t respond so the hackers thought that negative press would spur AOL into action. After I wrote an article about it, AOL said they would close the hole but in December 2000, the hole could still be exploited.

In December, @Stake, an Internet security consulting firm, issued a security advisory about the buffer overflow problem. In it, the company described how a hacker could use the AIM client to shutdown a computer or execute local commands on the victim’s desktop.

The issue was fixed, said Nicholas Graham, a spokesperson for AOL. We encourage our users to upgrade but it’s not an issue at this point.

Weld Pond, manager of research and development for @Stake, added that while the December issue was not exactly the same one as the January one, it did fall into the same class of problems. What that illuminates is the fact that they are not using secure policies, he said. It’s sort of like finding out that one of your windows has no lock and not going around to check the other windows.

We answer instances of security on a case by case basis, defends Graham. Our latest client is the most secure one to date and we intend to continue providing a more robust and more secure client as time goes on.

Buffer overflow and the hijacking of AIM screen names have been problems since AIM was introduced a few years back, said an active AOL hacker who preferred to remain anonymous. Product integrity and security has never been a specialty of AOL and this is very obvious from the numerous exploits I and others have found in the service in the past three years.

While AOL has issued a new version of its client correcting the problem, the security risks posed by the AIM client should remain a concern among system administrators. The funny thing is that upgrading to the most recent version of AIM solves nothing, said the hacker. Most of the exploits are what we call server side hacks, which means the software client has nothing to do with the hack at all. The buffer overflow hack was the only major hack so that involved the actual client software.

Some of my buddies used the hijacked AIM accounts to carry on fake conversations with the friends of the person who originally owned it. The conversations resulted in my buddies tricking the real owner’s friends into providing personal information and even credit card information. People have no reason to believe that accounts have been hacked unless the real owner notifies them.

This was the problem that Habeeb Dihu, a senior principal at Diamond Cluster, an ebusiness consulting firm., encountered when a hacker kidnapped his instant messenger ID. I was working on the Covisint deal, he said, referring to the B2B exchange developed by General Motors, Chrysler, Ford, Oracle, and Commerce One.

Because we have consultants working at several clients, the way we keep in touch with each others is through instant messaging. Somewhere in the middle of the Covisint deal, my AIM screen ID got hacked. Someone masqueraded as me and started to talk to my coworkers. I took care of it by alerting all my co-workers but AOL was very unresponsive in terms of tech support. I was completely ignored by the support people there and was finally contacted by the head of press relations for AOL after I talked to the press. Relative to how much AIM is used in the corporate world, the security behind this thing is abysmal.

Following the incident, the company instituted a review of different instant messaging solutions and standardized on Yahoo’s Instant Messenger. Despite the fact that you could have some ID theft issue behind Yahoo, no one has managed to hack into the yahoo user database to the extent of the problems with MSN and AOL, he added. We looked at Yahoo’s corporate solution but the cost of corporate yahoo was prohibitive compared to the free products available out there, he said, adding that his company has been involved in the development of Jabber, another IM client. Our hope is that jabber will increase security and we’ll be able to migrate there but it’s not quite there yet in terms of robust user interface for non technical people.

Instant Messaging is used as much if not more than email these days in the corporate world. The lack of security and lack of completeness in the solution is pretty alarming from my perspective. The only messaging solution that hasn’t been hacked is Yahoo’s and it’s only a matter of time before it happens.

If you just want to talk to people in your company, you’re better off using some other piece of software that wouldn’t be under as much scrutiny from hackers, said Cassel.

Using a third party to do your corporate communication that has no legal standing is a dangerous thing, said Pond. Unlike the phone, it’s unregulated and insecure. When you are using AOL IM, you’re sending your communication in the clear over the Internet to AOL’s server and back, whether you are talking to someone in a remote location or in the office next door. People think of it as the phone but they shouldn’t. AOL has full control of communication for corporations who use AIM for communication.

We’re moving to a world were there are more and more clients that people are running on their machines, out of the control of the IT department. Companies should set security policies set up at corporate level and work on an approval process for those clients.

However, there’s no one size fits all solution. Different environments can put the expense out there to create more secure environments. Thinking you can sort of read about a security problem and know what the best solution is without taking the environment into consideration is not possible.

There are far better products out there such as MSN Messenger and Yahoo Messenger, said the hacker. But these products haven’t taken off in popularity due to AOL’s huge market share. These other products are far more secure and reliable than the AIM service. Any hacker will tell you this.

Network managers can solve the issue by either blocking out connection to the AOL IM servers or install different clients on their users’ desktops. Groove is doing a similar kind of tool but it’s an encrypted chat in a peer to peer environment, which ends up being more secure, said Pond.

If you have to use it, spend as little time as possible on it, adds Cassel. When I’m through with my messaging conversation, I close it out the software in both my window and my tray. Yes, I can’t be messaged but I also can’t be hacked. I just keep my email window open and then people can reach me that way. Your email client is definitely more secure than IM.”

Tristan Louis is the founder and CEO of Keepskor and writes the influential tnl.net weblog, where this was initially posted under the title AIM Not Secure. You can follow him on twitter here or receive his weekly newsletter by subscribing here.