tansqrx
Oct 24 2007, 03:00 PM
There’s not much meat or new content in this post but I did find it rather humorous. Richard Sinn is apparently the software security engineer for Yahoo! Messenger and he now has a new book out entitled Software Security Technologies: A Progammatic Approach (http://blog.messenger.yahoo.com/blog/2007/10/23/kudos-for-the-team/)(http://www.amazon.com/dp/142831945X?tag=open0f-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=142831945X&adid=1435SV1WH79S425NG1ZF&). The price is high for a paperback at $87.95 USD but I may read it once the price drops or there are used copies. Some scholars say that you can’t understand a work of literary art until you know the person. In this case I don’t think you can truly understand the security of Messenger until you know the person designing it. In short I think the first user post sums it up: QUOTE Richard Sinn, our resident software security guru on the Yahoo! Messenger team.
if he’s the guru,wat the hell wrong with all the bots and sam we get on messenger.think before u publish,omg wat a mess yahoo in
Reply
Recent Queries:--
cache:7mmsaacbaoij:www.astahost.com/info.php/yahoo-messenger-power-user_t19074.html re messenger "power user" - 410.09 hr back. (1)
Similar Topics
Keywords : yahoo, messenger, author, s, security, book
- Messenger 9.0.0.234 Released
(4)
Yahoo! Messenger Firewall Changes
(0) Yahoo! announced on their official Messenger blog (ymessengerblog.com) that unspecified changes will
be made to the way firewalled users will use Messenger. The article mentions that only users that
are using version 8.x and signed in from behind a firewall will be affected. An official message
will be sent by Yahoo! urging users to upgrade to the latest 9.x version of the software. From a
programming standpoint this will most likely only affect Messenger operations that require a peer to
peer (p2p) connection such as file sharing. When performing a peer to peer oper....
Yahoo! Messenger Challenge Response Algorithm
(11) Here is a question that came into my forum and I thought it needed wider coverage. Q: Can you
explain the Yahoo! Messenger challenge response algorithm? The Yahoo! Messenger challenge response
sequence is quite complex and unique to Yahoo! The challenge comes from the server and is then run
through an algorithm on the client. When looking at the challenge and response in ASCII view it
almost looks like a mathematical equation but it is not. This complex algorithm came from several
years ago when the username and password was sent in plain text over the network an....
Yahoo! Messenger Power User
(2) I just received a very weird message when I logged into Messenger today. It said “Congratulations,
you are a Power User!” The pop-up was in its separate window similar to the annoying Insider and
had a Learn More, Choose Your Icon, and No Thanks button (the Learn More button didn’t work). After
doing a quick Google search
(http://help.yahoo.com/l/us/yahoo/messenger/messenger9/pwrusr/pwrusr-01.html)
(http://messenger.yahoo.com/powerusers) I found that this thing does really exist and wasn’t some ad
pop-up that somehow got past my defenses. Here are a few of the “benef....
Yahoo! Messenger Talking To Google Talk?
(7) While Yahoo! was off fighting Microsoft, they made some deals with Google to put a slightly tainted
taste into the merger deal. The most notable one was an ad revenue “trial” where Google would serve
the ads on Yahoo! pages in return for a very favorable share of the profit. Over the past week it
appears that the trials were very successful and Yahoo! has agreed to a more permanent deal with
Google that would continue the deal, pending any anti-trust issues. Mixed up in this agreement is a
paragraph that indicates future interoperability between the two IM platforms (....
It Still Looks Like Microsoft Messenger May Still Happen
(9) Over the past week the talks of Microsoft buying Yahoo! has not diminished. Recently Slahsdot
(http://tech.slashdot.org/article.pl?no_d2=1&sid=08/04/07/236215) published a note that points to
both a Microsoft press release
(http://www.microsoft.com/Presspass/press/2008/apr08/04-05LetterPR.mspx) and the Yahoo! reply
(http://yhoo.client.shareholder.com/press/releasedetail.cfm?ReleaseID=303369). The bottom line is
that Yahoo! hasn’t said no, they just want more money. In my mind the simple fact that Microsoft
has not backed down after the initial offer means they will se....
Latest Yahoo! Vulnerability Appears To Be A Moving Target For Messenger
(2) I have been aware of the latest Yahoo! Jukebox and until recently Messenger exploits for about a
week. Starting on the 3rd of February, three critical vulnerabilities were posted for datagrid.dll
and mediagrid.dll which are part of the Yahoo! Jukebox offering
(http://www.securityfocus.com/bid/27578, http://www.securityfocus.com/bid/27579 ,
http://www.securityfocus.com/bid/27590) . The reason that I waited so long to post this is because
the details were inconsistent and it didn’t add up to me. The versions of Messenger that were
listed as vulnerable are absolutely a....
Hacking Yahoo! Messenger
(12) lately i've been reading some way of hacking yahoo messenger. youtube, hacking forums, and etc,
i've been there to ask and to learn how to hacking it. but i've been wondering every now and
then while reading and watching those posted videos and scripts, but they are not working. For real,
is there any way to hack yahoo messenger?....
Tapping Yahoo! Messenger Phone Conversations
(4) The latest post on the official Yahoo! Messenger blog appears to be out of place to me
(http://www.ymessengerblog.com/blog/2008/01/04/recording-yahoo-messenger-calls/). It is not part of
the usual suspects of promising unneeded features or unabashed promotion of Messenger. Instead it
is a fairly useful commentary on how to record a Messenger phone session using third party
applications. The Yahoo! Messenger blog references a New York Times article
(http://www.nytimes.com/2008/01/03/technology/personaltech/03ASKK-002.html?_r=1&oref=slogin) where a
user asked if there i....
Yahoo! Messenger 9 Beta Preliminary Review
(15) I have been using the latest version of Yahoo! Messenger for over two weeks now and I would like to
give a quick review of it. Overall this is not a major change from what I know as Messenger. As it
has been said before, this is evolutionary not revolutionary. From what I can see there are no new
features (at least none that I would use), the user interface (UI) is prettier, and it looks like
there have been some bug fixes; that’s it. Under the hood there are some things to note. The
current version of the YSMG protocol with version 8 is 15 and Messenger 9 has bee....
Minor Updates To Yahoo! Messenger Web
(1) The Yahoo! Messenger development team announced that there have been a few minor upgrades to the web
version of Yahoo! Messenger
(http://blog.messenger.yahoo.com/blog/2007/09/24/yahoo-messenger-for-the-web-new-release/). From
what I can see nothing major has been added except for SMS to mobile users and a few new languages
for India. Apparently the web version of Messenger has taken off in India as nine new languages are
added for that region. You add the support for the biggest demand.....
Messenger Mail Bug?
(2) Over the past few days (It is September 23, 2007 now) I have noticed what appears to be a bug in
Yahoo! Messenger concerning unread mail. No matter if there are unread messages or not, Messenger
always reports new mail. I have even gone through the trouble of deleting EVERYTHING from my mail
account and it still pops up. The same behavior happens on Yahelite and Pidgen so it is a server
side bug. Yahoo! has been upgrading their server so I would expect that this is a side effect of
some of the upgrades. Of course this could be confined to me so let me know if you ar....
“discovr” New Friend With Yahoo! Messenger
(2) The latest blog post from the Yahoo! Messenger development teams is about Discovr, a proposed new
way of sharing Messenger contacts. As is stands Messenger is a closed social community. It is very
hard to discover new buddies unless you start trolling around the chat rooms or have a buddy in real
life. Discovr is a method to make Messenger more like Facebook or Myspace where everyone knows who
your friends are. Discovr came from Hack Days, a common occurrence at Yahoo! that encourages
different departments to throw out new ideas. (To think Yahoo! actually names it H....
The Yahoo! Messenger Zero-day For The Month Of August
(1) Yahoo! Messenger is once again in the news for all the wrong reasons. This time it is a heap
overflow in the webcam component. The news was apparently first exposed my McAfee in a blog post at
http://www.avertlabs.com/research/blog/ind...enger-zero-day/ . A second post at
http://www.avertlabs.com/research/blog/ind...er-webcam-0day/ goes into more detail explaining that
you shouldn’t accept unknown webcam invites and to possibly firewall port 5100. Security Focus has
also issued an alert at http://www.securityfocus.com/bid/25330/info but they only classify is as ....
Two For The Price Of One: New Messenger Exploit And A New Way To Get It
(7) A new service run by WSLabi (http://www.wslabi.com/wabisabilabi/home.do?) touts itself as the new
eBay of vulnerability researchers (http://www.securityfocus.com/brief/542?ref=rss). From many years
there has been a battle between security researchers and software publishers over the price or value
of an exploit. As a researcher myself I know how many countless hours go into finding and
developing material that is useful in making an exploit. I could easily turn it into a full time
job. I do it for a hobby but what if someone wants to make it into a full time job? I....
New Yahoo! Web Messenger
(12) Today Yahoo! announced a whole new way to communicate using Messenger. It’s the “all-new Web-based
Yahoo! Instant Messenger.” Ohh wait a minute, wasn’t there already a web version of Yahoo!
Messenger? Despite the fact that the official press release
(http://yodel.yahoo.com/2007/05/02/yahoo-messenger-hold-the-download) makes this out to be something
completely new, a web version of Messenger has been around for years. I of course will be the first
to admit that the old version was so bad that I would like to forget about it too. With the bad
taste of my previous expe....
New Yahoo! Messenger Protocol Changes?
(4) I first picked this up on Big Blue Ball in their newsletter
(http://www.bigblueball.com/forums/yahoo-messenger-news/39852-yahoo-drop-support-y-messenger-7-5-apr
il-2nd.html). QUOTE As of April 2nd, 2007, we will no longer offer customer support for
Yahoo! Messenger 7.0/7.5. We recommend that you upgrade to the latest version of Yahoo! Messenger.
We will keep these help pages available online should you continue to use this version and have
basic questions that these pages can answer. The administrators of Big Blue Ball speculate that
this may mean another proto....
Yahoo! Messenger Through Web
To be? Or not to be?!~ (6) Hello guys, Glad to find here to ask my question, Iam came from here via google. I'm , for many
weeks, seeking for a solution that give me ability for connecting , sending and reciving, PM's
to Yahoo Messenger through web protocol I am proff in php, and now seeking for an easy way , not of
cource socket programming that is hard to implement and buggy , also not every where supported, to
establishing sessions and managing them through HTTP/1.1 , then I will write an application for i.e
auto responding, saving history on web, forwarding,managing and etc... i need ....
Yahoo! Messenger Plugin Sdk
(3) I read this morning at theunofficialyahooweblog
(http://yahoo.weblogsinc.com/2006/06/19/yahoo-opens-up-messenger-to-3rd-party-plug-ins/) that Yahoo!
has just released a SDK for a plugin engine that will reside in the next version of Messenger. I
can’t wait to dig into this seemingly juicy morsel of Yahoo! fun. I’m not sure what all one can do
with the SDK yet but I will be sure to report what I find. The SDK can be found at
http://developer.yahoo.com/ . A list of already published plugins can be found at
http://us.gallery.yahoo.com/messenger . Does anyone have som....
Messenger Stealth Settings Bug?
(2) I have been having problems with my stealth setting for about a week now. Apparently when I have
all users set to invisible it works fine. Also when I go available everything appears to work fine.
The problems is when I set a custom message all of a sudden the users that I have individually set
to offline can see me. I have not been able to reproduce the results myself but it is starting to
become a problem as people that I would rather not talk to IM me now. Anyone else run into this?
Is this another bug?....
Yahoo! Messenger Protocol Tutorial - Part 7
(0) Yahoo! Protocol: Part 7 - Yahoo! Packet Structure All Yahoo! communications use TCP over IP
communication and the Yahoo! data resides in the data field of the TCP packet as shown in Figure 13.
Figure 13 - Yahoo! Messenger Packet Yahoo! extends the common TCP/IP convention of using
headers by creating its own application level header format. A Yahoo! header is 20 bytes long and
is identified by the first 4 bytes being “YMSG.” The Yahoo! header also includes the YMSG version,
message length, service type, status, and session ID. Figure 14 shows a graphical repre....
Yahoo! Messenger Protocol Tutorial - Part 6
(0) Yahoo! Protocol: Part 6 - Money and Closed Protocols Even with all the bells and whistles of
Yahoo! Messenger, Messenger still follows the same basic communications architecture as most other
instant messengers. Yahoo! is based on a central server structure. First a client, Yahoo!
Messenger logs onto a Yahoo! server using a username and password. The server authenticates the
request and either allows or denies access to services. From this point most messages sent to other
users are buffered through the server. After a successful login the client registers as bein....
Yahoo! Messenger Protocol Tutorial - Part 5
(0) Yahoo! Protocol: Part 5 - Disclaimer and Legal Upon becoming a member of the Yahoo! community, a
user agrees to follow the Yahoo! Terms of Service (TOS) . According to the TOS, when a user
registers, he is obligated to provide completely trueful answers to any questions posed by Yahoo!
and update any information if it changes. Section 3a, b states the following: QUOTE You also
agree to: (a) provide true, accurate, current and complete information about yourself as prompted by
the Service's registration form (the "Registration Data") and (B) maintain and pro....
Yahoo! Messenger Protocol Tutorial - Part 4
(0) As with any basic instant messaging service, Yahoo! Messenger offers several basic functions. In
general, an instant messenger offers conversations between two users in real time. As a rule, both
users will see the conversation line by line as it is typed. Although not required, instant
messengers usually offer the ability to show away messages, reside in the system tray until needed,
and offer a user buddy list . In addition to these basic services, the latest version of Yahoo!
Messenger also offers more advanced features. Although not unique, these services make ....
Yahoo! Messenger Protocol Tutorial - Part 3
(0) Yahoo! started its life as “Jerry and David’s Guide to the World Wide Web” in January of 1994. Its
creators David Filo and Jerry Yang, started Yahoo! as a way to track their personal interests. As
word spread of this new effective search engine, resources were soon strained. Moving from Stanford
University to Netscape facilities, and finally to its own headquarters, Yahoo! has become one of the
largest Internet names in history. At the end of the day Yahoo! is still a business and like all
businesses, Yahoo! has to make a profit and adhere to a business model. Yahoo!....
Yahoo! Launches New Security Centre
(2) Yahoo! have recently launched a new security centre in which "you’ll find help and advice to keep
your PC safe and secure". It's available at http://uk.security.yahoo.com My first impression
is that the page seems to be sponsored by Symantec. The entire right-hand side of the page seems to
be dedicated to Symantec stuff, which is terrible if a Yahoo! user has McAfee, ALWIL, or some other
security software, provided by anyone other than Symantec, like me. The article of the month is also
provided by Symantec. In fact, it seems as though almost all of the content on....
Yahoo! Messenger Protocol Tutorial - Part 2
(2) Part 2 - History The need for humans to communicate faster and more efficiently has been one of the
driving forces behind the Internet. Not since the invention of the telephone has communications
between humans been more readily available. The communication power of the Internet began to take
shape in its infancy with one of the first Internet applications, email. While the Internet was
still ARPANET and with only four links, the first email message was sent by Ray Tomlinson in 1971.
The first message consisted of the text “Testing 1-2-3” and did not contain any of th....
Yahoo! Messenger Protocol Tutorial - Part 1
(0) One of the security passions that I have maintained over the past few years is the one with Yahoo!
Messenger. In recent months Yahoo! Messenger has seen a decline in users due to some new policies.
Although not as strong as perhaps a year ago, it is still very important to keep a watch on Yahoo!
Messenger from a security point of view. Messenger, just like may of the programs we use, open a
door out to the Internet. With each new door comes a unique set of security concerns. Perhaps the
biggest reason to keep an eye on Yahoo! Messenger is because the user base is so....
New Tools And A New Protocol For Messenger
(0) Way back when I had Messenger 6.0 I came across a fairly unique add-on to Yahoo! Messenger that
added the "join user in chat" function that was taken away in the migration from 5.0 to 6.0. The
program simply consisted of a file that replaced a Yahoo! DLL and re-enabled the join user in chat
function. Once I upgraded to 7.0 the program of course did not work and I started my search for a
replacment. At long last I have found it and not only does it add the join user in chat, it also
adds view webcam and much more that has been missing since the days of 5.0. The add-on is ....
Yahoo Messenger 7.0
(10) Yahoo! recently released the official Yahoo! Messenger 7.0. http://messenger.yahoo.com/ This is
the official version and adds some new functionality to the previous Messenger. QUOTE Free
Worldwide PC-to-PC Calls Drag-and-Drop Photos Improved File Sharing I know that it has not been
out that long but i was wondering if anyone else has tried it. I have used it for the past couple
of days and I think it is an improvment, small improvment, yet at least a step in the foward
direction. The most advanced feature that I have tried was to send a file which I almost....
Looking for yahoo, messenger, author, s, security, book
|
*SIMILAR VIDEOS*
Searching Video's for yahoo, messenger, author, s, security, book
|
advertisement
|
|
