tansqrx
Jan 24 2006, 12:01 AM
Yahoo! Protocol: Part 6 - Money and Closed Protocols Even with all the bells and whistles of Yahoo! Messenger, Messenger still follows the same basic communications architecture as most other instant messengers. Yahoo! is based on a central server structure. First a client, Yahoo! Messenger logs onto a Yahoo! server using a username and password. The server authenticates the request and either allows or denies access to services. From this point most messages sent to other users are buffered through the server. After a successful login the client registers as being active and the buddy list is updated. Along the way various updates to the user’s buddy list is received. This type of update is triggered by a friend going online or offline. After the user is done with messenger, another message is sent to the server and the connection is taken down [http://www.venkydude.com/articles/yahoo.htm]. One large difference between instant messengers and earlier IRC type technology is that all messages go through the central server before being received by another user. In IRC, when a message is sent, a direct peer to peer connection is made. At the very least, this gave away the other user’s IP address. If you can not get the other user to talk then a user can simply type “/DNS ‘nickname’” to find the other users IP address. In the sometimes hostile environment of IRC, this soon became a security risk. If a malicious user deems it necessary, they can acquire another users IP address and then proceed to hack, crash, or otherwise harass the intended victim. Seeing this as a problem, instant messengers generally do not reveal the IP address of any users during chat because all messages are buffered by the server. From the very beginning, this was a trivial security increase. Through social engineering, a malicious user could lure the prospected victim to visit an evil website that logs all visitors. The malicious user would then check the logs of the web server and get the victims IP address. With the latest release of Yahoo! Messenger, Version 7, new features allow direct peer-to-peer communications even without the victim’s knowledge. Although a regular plain IM message box still provides reasonable security against IP harvesting, using file transfers, certain web cam features, and IMvironments will establish a peer-to-peer connection. Since its creation, Yahoo! Messenger has gone through several major versions. The most recent version of Messenger as of November 2005 is Version 7. As with other companies such as Microsoft’s .NET Messenger, Yahoo! sports a closed proprietary protocol as well as architecture. There is very little documentation on the web reguarding the Yahoo! Messenger protocol and absolutely nothing from Yahoo! itself. Despite this fact, several third party Yahoo! clients have emerged. Many of these clients have the selling point of being much more secure and resistant to booting than the standard Yahoo! Messenger. YahElite [http://www.yahelite.org] and YTunnel! [ http://www.ytunnelpro.com] are two of the most popular third party clients. Yahoo! has been known to change the protocol on a moments notice in order to keep third party clients from piggybacking on the Yahoo! network. In September 2003, Yahoo! changed protocols and policies in order to keep Trillian, a multiple network client, from connecting to Yahoo! services [http://news.zdnet.com/2100-3513_22-5082812.html]. All together this demonstrates that Yahoo! is very serious about keeping its messenger protocols secret. Yahoo! Messenger and the underlying protocols that Messenger uses are proprietary and closed source. As with any other closed source application, it is still possible to gain a great deal of information about the program by observing the program inputs and outputs known as black box testing. The most important analysis comes from the network communication with the Yahoo! servers. To analyze this information I employed the use of an open source network sniffer called Ethereal [http://www.ethereal.com]. Ethereal already has the functionality to decode Yahoo! packets and the nomenclature used by Ethereal will be used throughout this paper. Using Ethereal and the few online references available, a rough picture of the login can be inferred [http://www.venkydude.com/articles/yahoo.htm], [http://www.howtodothings.com/printarticle.asp?article=491], [http://www.cse.iitb.ac.in/~varunk/YahooProtocol.php]. The following analysis of the Yahoo! protocol is based on my own research and is not guaranteed to be without defect. At the time of the experiments in this document the current Yahoo! Messenger version was 6.0 with a protocol version of 12. All captures and illustrations are based on the YMSG12 protocol. Although the current version of the Yahoo! protocol (YMSG13) is very similar to version 12, it is not exactly the same. A minor altercation in the login process has been reported and several new headers for Internet based phone calls have been added. Although not completely current, this document is still a good starting point for understanding the Yahoo! protocol. http://www.ycoderscookbook.com/
Reply
Recent Queries:--
how to trace the ip address via offline messages in yahoo messengers - 5.50 hr back. (1)
-
yahoo messanger artchitecture - 24.91 hr back. (1)
-
communication architecture of yahoomessenger - 36.08 hr back. (1)
-
document yahoo messenger 6.0 - 81.49 hr back. (1)
-
architecture of yahoo messenger - 82.62 hr back. (1)
-
"yahoo messenger architecture" - 84.83 hr back. (1)
-
yahoo messenger protocol login security - 107.11 hr back. (1)
-
yahoo messenger user ip - 118.35 hr back. (1)
-
yahoo messenger network client logs - 133.70 hr back. (1)
-
preview - 141.14 hr back. (1)
-
tutorial messenger log - 148.99 hr back. (1)
-
ymsg13 - 161.55 hr back. (1)
-
astahost - 176.72 hr back. (1)
-
ymsg12 protocol - 113.72 hr back. (2)
Similar Topics
Keywords : yahoo, messenger, protocol, tutorial, part, 6
- New Ceo For Yahoo!
(0)
Messenger 9.0.0.234 Released
(4) Yahoo! has released an updated version of Messenger and is now at version 9.0.0.234
(http://www.ymessengerblog.com/blog/2008/11/18/updated-90-addresses-vista-issues/). This is
apparently due to some problems with the previous version working under Microsoft Vista after the
official Vista version was discontinued.....
Yahoo! Messenger Firewall Changes
(0) Yahoo! announced on their official Messenger blog (ymessengerblog.com) that unspecified changes will
be made to the way firewalled users will use Messenger. The article mentions that only users that
are using version 8.x and signed in from behind a firewall will be affected. An official message
will be sent by Yahoo! urging users to upgrade to the latest 9.x version of the software. From a
programming standpoint this will most likely only affect Messenger operations that require a peer to
peer (p2p) connection such as file sharing. When performing a peer to peer oper....
Yahoo! Profiles Updated
(2) Yahoo! has changed their profile system and more has changed besides the layout of the page. When
transitioning to the new system all of the user data was cleared and pages for aliases were removed.
Additionally, personal information such as age and location are now protected in a manner similar
to Facebook or MySpace where you must be accepted by the user. Apparently many users are not happy
with the new system as shown in
(http://www.yprofileblog.com/blog/2008/10/17/managing-your-alias-and-profile/),
(http://www.ymessengerblog.com), and (http://tech.slashdot.org/art....
Yahoo! Messenger Challenge Response Algorithm
(11) Here is a question that came into my forum and I thought it needed wider coverage. Q: Can you
explain the Yahoo! Messenger challenge response algorithm? The Yahoo! Messenger challenge response
sequence is quite complex and unique to Yahoo! The challenge comes from the server and is then run
through an algorithm on the client. When looking at the challenge and response in ASCII view it
almost looks like a mathematical equation but it is not. This complex algorithm came from several
years ago when the username and password was sent in plain text over the network an....
Yahoo! Messenger Power User
(2) I just received a very weird message when I logged into Messenger today. It said “Congratulations,
you are a Power User!” The pop-up was in its separate window similar to the annoying Insider and
had a Learn More, Choose Your Icon, and No Thanks button (the Learn More button didn’t work). After
doing a quick Google search
(http://help.yahoo.com/l/us/yahoo/messenger/messenger9/pwrusr/pwrusr-01.html)
(http://messenger.yahoo.com/powerusers) I found that this thing does really exist and wasn’t some ad
pop-up that somehow got past my defenses. Here are a few of the “benef....
Yahoo! Search Boss
(5) Last wednesday (2008-07-09) Yahoo! Search launched a new service called Yahoo! Search BOSS (Build
your Own Search Service) which is a web services platform that allows developers and companies to
create and launch web-scale search products by utilizing the same infrastructure and technology that
powers Yahoo! Search . Some capabilities of the new Yahoo! Search BOSS service are: Ability to
re-rank and blend results Unlimited queries Total flexibility on presentation This service is
based on Python and is available to everybody, to get started and Build your Ow....
Get Paid To Search Yahoo!
New way for you to make money online (10) Hi buddies, Is this a good news for you? I've got paid for the first month from this site. Here
is how you can earn: After you sign up, they ask you to set their page as homepage and install a
search box.Everyday, when you search once, you will earn up to 3p. How much you can earn depends on
where you live. I earned 1.5p per search. So, if you search 40 times per day, how much you will earn
a month? It's very easy, right? In addition, when you refer friends, you will earn more. They
offer 4 referral levels: 50%, 10%, 5% and 2.5%. If you are interested, sign up a....
Yahoo! Messenger Talking To Google Talk?
(7) While Yahoo! was off fighting Microsoft, they made some deals with Google to put a slightly tainted
taste into the merger deal. The most notable one was an ad revenue “trial” where Google would serve
the ads on Yahoo! pages in return for a very favorable share of the profit. Over the past week it
appears that the trials were very successful and Yahoo! has agreed to a more permanent deal with
Google that would continue the deal, pending any anti-trust issues. Mixed up in this agreement is a
paragraph that indicates future interoperability between the two IM platforms (....
Yahoo! Dodges The Bullet
(4) Microsoft has receded it’s bid for Yahoo! in a surprise Saturday (May 3, 2008) announcement. When
presented with offering more money or engaging in a hostel take-over, Microsoft decided to take a
third route and just drop the whole thing. In a letter addressed to Yahoo!
(http://www.microsoft.com/presspass/press/2008/may08/05-03letter.mspx), Microsoft outlined several
reasons why they let the offer slip. There are concerns that a deal between Yahoo! and Google would
seriously throw a monkey wrench into things and regulatory bodies, the EU in particular, would frown
upo....
It Still Looks Like Microsoft Messenger May Still Happen
(9) Over the past week the talks of Microsoft buying Yahoo! has not diminished. Recently Slahsdot
(http://tech.slashdot.org/article.pl?no_d2=1&sid=08/04/07/236215) published a note that points to
both a Microsoft press release
(http://www.microsoft.com/Presspass/press/2008/apr08/04-05LetterPR.mspx) and the Yahoo! reply
(http://yhoo.client.shareholder.com/press/releasedetail.cfm?ReleaseID=303369). The bottom line is
that Yahoo! hasn’t said no, they just want more money. In my mind the simple fact that Microsoft
has not backed down after the initial offer means they will se....
Who Uses A Yahoo E-mail
(8) How many people use a Yahoo e-mail account & WHY? What is good about it?! Post as a comment please....
Latest Yahoo! Vulnerability Appears To Be A Moving Target For Messenger
(2) I have been aware of the latest Yahoo! Jukebox and until recently Messenger exploits for about a
week. Starting on the 3rd of February, three critical vulnerabilities were posted for datagrid.dll
and mediagrid.dll which are part of the Yahoo! Jukebox offering
(http://www.securityfocus.com/bid/27578, http://www.securityfocus.com/bid/27579 ,
http://www.securityfocus.com/bid/27590) . The reason that I waited so long to post this is because
the details were inconsistent and it didn’t add up to me. The versions of Messenger that were
listed as vulnerable are absolutely a....
Optimize Your Site For Yahoo
(1) I know google and Yahoo somehow values different stuff when it ranks websites. Some good tips for
Yahoo optimization: Keywords in URL alt text Site Explorer Prominence I don't want to copy
the whole thing here, but this article explains it: Yahoo Optimization Feel free to share your
experience of optimizing for Yahoo....
Yahoo! May Add Openid Support
(1) An article from Security Focus (http://www.securityfocus.com/brief/665) states that Yahoo! is
considering adding support for OpenID (http://openid.net/). This would add Yahoo! to the growing
number of sites that are supporting the open source effort. There is no mention of Yahoo! Messenger
but I would guess that it will not be supported immediately by the desktop client. For those who
have not heard of OpenID I would suggest doing some research. It promises to get rid of the
hundreds (perhaps thousands for some) of separate website passwords. You could essentially u....
Hacking Yahoo! Messenger
(12) lately i've been reading some way of hacking yahoo messenger. youtube, hacking forums, and etc,
i've been there to ask and to learn how to hacking it. but i've been wondering every now and
then while reading and watching those posted videos and scripts, but they are not working. For real,
is there any way to hack yahoo messenger?....
Tapping Yahoo! Messenger Phone Conversations
(4) The latest post on the official Yahoo! Messenger blog appears to be out of place to me
(http://www.ymessengerblog.com/blog/2008/01/04/recording-yahoo-messenger-calls/). It is not part of
the usual suspects of promising unneeded features or unabashed promotion of Messenger. Instead it
is a fairly useful commentary on how to record a Messenger phone session using third party
applications. The Yahoo! Messenger blog references a New York Times article
(http://www.nytimes.com/2008/01/03/technology/personaltech/03ASKK-002.html?_r=1&oref=slogin) where a
user asked if there i....
Yahoo! Messenger 9 Beta Preliminary Review
(15) I have been using the latest version of Yahoo! Messenger for over two weeks now and I would like to
give a quick review of it. Overall this is not a major change from what I know as Messenger. As it
has been said before, this is evolutionary not revolutionary. From what I can see there are no new
features (at least none that I would use), the user interface (UI) is prettier, and it looks like
there have been some bug fixes; that’s it. Under the hood there are some things to note. The
current version of the YSMG protocol with version 8 is 15 and Messenger 9 has bee....
Yahoo! Messenger Author’s New Security Book
(0) There’s not much meat or new content in this post but I did find it rather humorous. Richard Sinn
is apparently the software security engineer for Yahoo! Messenger and he now has a new book out
entitled Software Security Technologies: A Progammatic Approach
(http://blog.messenger.yahoo.com/blog/2007/10/23/kudos-for-the-team/)(http://www.amazon.com/dp/14283
1945X?tag=open0f-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=142831945X&adid=1435SV1WH79
S425NG1ZF&). The price is high for a paperback at $87.95 USD but I may read it once the price drops
or there are use....
Minor Updates To Yahoo! Messenger Web
(1) The Yahoo! Messenger development team announced that there have been a few minor upgrades to the web
version of Yahoo! Messenger
(http://blog.messenger.yahoo.com/blog/2007/09/24/yahoo-messenger-for-the-web-new-release/). From
what I can see nothing major has been added except for SMS to mobile users and a few new languages
for India. Apparently the web version of Messenger has taken off in India as nine new languages are
added for that region. You add the support for the biggest demand.....
Messenger Mail Bug?
(2) Over the past few days (It is September 23, 2007 now) I have noticed what appears to be a bug in
Yahoo! Messenger concerning unread mail. No matter if there are unread messages or not, Messenger
always reports new mail. I have even gone through the trouble of deleting EVERYTHING from my mail
account and it still pops up. The same behavior happens on Yahelite and Pidgen so it is a server
side bug. Yahoo! has been upgrading their server so I would expect that this is a side effect of
some of the upgrades. Of course this could be confined to me so let me know if you ar....
“discovr” New Friend With Yahoo! Messenger
(2) The latest blog post from the Yahoo! Messenger development teams is about Discovr, a proposed new
way of sharing Messenger contacts. As is stands Messenger is a closed social community. It is very
hard to discover new buddies unless you start trolling around the chat rooms or have a buddy in real
life. Discovr is a method to make Messenger more like Facebook or Myspace where everyone knows who
your friends are. Discovr came from Hack Days, a common occurrence at Yahoo! that encourages
different departments to throw out new ideas. (To think Yahoo! actually names it H....
Captchas + Yahoo! Chat = No Bots (for Now)
(22) Just in case you haven’t been keeping up with Yahoo! Chat, it looks like a new sheriff is in town
(http://blog.messenger.yahoo.com/blog/2007/08/29/new-entry-process-for-chat-rooms/). Just before
the Labor Day weekend Yahoo! started making users enter a captcha before they could enter a chat
room. This could possibly mean that the chat rooms will be bot free for the time being. My first
impression of the system was not that bad. I logged in with Yahelite and was quickly prompted to
enter the captcha in a separate dialogue box. I do have to admit that the process did ....
Yahoo! Chat Room Survey
(1) Back in May Yahoo! swore that the chat room problems were going to be fixed. Again this past month
they said the same thing. This is a survey to see if anyone has experienced better results,
specifically within the past week. Personally I started having real problems starting at the
beginning of the year. The porn bots and booters were always there so I never considered them to be
a problem. I use YahElite to chat so most of the garbage is filtered out anyway. My big complaint
is with not being able to get into a chat room at all. When I go to sign in there is usu....
Yahoo Mail With Yahoo Chat
(7) Yahoo has added Yahoo Chat to Yahoo Mail. In other words when you are browsing your e-mails, and if
some of your contacts are online you can chat with them. You are immediatly signed on yahoo chat,
when your yahoo mail turns on. And in the left panel, next to contacts it says 0 online or 3 online,
depends on how many of your contacts or online. Then you can just put your mouse over where it
says how many of your contacts are online, click and you can pick with who you want to chat with.
It is pretty amazing, and I think that Yahoo Mail is getting better and better.....
The State Of Yahoo! Chats
(1) An interesting post slipped through on Friday from the Official Messenger Blog
(http://blog.messenger.yahoo.com/). This is one of the few posts that has some meat to it and it
basically outlines what the future of Yahoo! chat rooms are (the title is “Chat rooms: State of the
Union”, I like it). According to Yahoo!, the entire backend of the servers has been rebuilt from
the ground up. Hopefully they also incorporated security into their software life cycle which would
make many of the common problems disappear. There is also a war against bots, and a MAC platform
add....
Yahoo Mail Going Unlimited
(24) Yahoo is expanding its offer of unlimited e-mail storage worldwide.Yahoo! Mail has begun its rollout
of unlimited e-mail storage, which will reach all users of the service within the coming months.
Yahoo announced its unlimited storage plan for U.S. residents back in March. Yahoo Mail originally
launched in 1997 with 4MB of storage. The mail app was an outgrowth of Yahoo's acquisition of
Four11 Corporation, which owned an app known as RocketMail. Both new and existing Yahoo! Mail users
will receive an unlimited amount of free e-mail storage. The service upgrade wil....
Unable To Log Into Yahoo! Chat?
(3) This is an interesting tid bit about the Yahoo! chat room problems.
http://www.winbeta.org/forums/index.php?showtopic=8809 To be honest I am kinda scared. When a
company has set a hard deadline to resolve “technical issues” I always get the feeling that
something else is going to change. Maybe this is another protocol change or something specific to
chat. On a personal note, I have noticed the problem getting slightly better over the past few
days. QUOTE Thank you for writing to Yahoo! Messenger. We understand that you are unable to
enter chat rooms through ....
Yahoo! Protocol: Part 11 - Booters Introduction
(4) For whatever reason, certain users feel the need to harass other citizens of the internet. The
following is a typical scenario of what may cause a Yahoo! booter to be used. Bob is an average
computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob goes into a
Yahoo! chat room to discuss the topics of the day. After several minutes of intellectual discussion
with members of the chat room, Jane joins the room. From the very beginning, it is apparent that
Jane is in the room to cause trouble and starts a flame war. Bob and Jane quickly star....
Yahoo! Messenger Protocol Tutorial - Part 2
(2) Part 2 - History The need for humans to communicate faster and more efficiently has been one of the
driving forces behind the Internet. Not since the invention of the telephone has communications
between humans been more readily available. The communication power of the Internet began to take
shape in its infancy with one of the first Internet applications, email. While the Internet was
still ARPANET and with only four links, the first email message was sent by Ray Tomlinson in 1971.
The first message consisted of the text “Testing 1-2-3” and did not contain any of th....
Looking for yahoo, messenger, protocol, tutorial, part, 6
|
*SIMILAR VIDEOS*
Searching Video's for yahoo, messenger, protocol, tutorial, part, 6
|
advertisement
|
|
