Previous Thread
Next Thread
Print Thread
Rate Thread
#7787 05/20/02 12:37 PM
Joined: May 2002
Posts: 1
T
Tom
Offline
Junior Member
Junior Member
T Offline
Joined: May 2002
Posts: 1
I was wondering if Yahoo PM or private chat rooms are subject to cracking?

Sponsored Links
▼ Sponsored Links ▼ ▲ Sponsored Links ▲
#7788 05/20/02 02:31 PM
Joined: Feb 2002
Posts: 7,204
Likes: 11
Community Owner
Community Owner
Joined: Feb 2002
Posts: 7,204
Likes: 11
There is always a possibility of cracking/hacking to anything anywhere, I believe that Yahoo did have a problem some time ago with cracking, but I'm not sure if they fixed their breach.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#7789 05/20/02 04:16 PM
Joined: Mar 2002
Posts: 562
UGN Supporter
UGN Supporter
Joined: Mar 2002
Posts: 562
I said it before, and I'll say it again. NOTHIN is secure in networking. If you can unlock it for privilaged users, then you can crack it. It is that simple. Security is a matter of path of least resitance and obsurity.

If you are more secure than jimmy over there, most will go for jimmy. If his weaknesses are published and yours aren't. He is most likely to get hacked. However, you can stil be hacked. Every program every computer can be hacked. This may stop with the introduction of the q-bit. But probably not. <img border="0" alt="[Angel]" title="" src="graemlins/angel.gif" />

#7790 05/30/02 01:04 PM
Joined: Mar 2002
Posts: 11
B
Junior Member
Junior Member
B Offline
Joined: Mar 2002
Posts: 11
sorry about the messed up page. here's the link instead:

http://viceconsulting.com/cons/servs/infosec/yimvul001/alert00.html

#7791 05/30/02 01:06 PM
Joined: Mar 2002
Posts: 11
B
Junior Member
Junior Member
B Offline
Joined: Mar 2002
Posts: 11
sorry i had to post it like that. it had some "<" and the bbs wouldnt allow that.

heres another one.

Quote:

Yahoo! Messenger! multiple! vulns!

By Thomas C Greene in Washington
Posted: 28/05/2002 at 09:08 GMT

There are two new Yahoo Instant Messenger (YIM) vulnerabilities which can potentially compromise a user's machine, Vietnamese researcher Phuong Nguyen has discovered. Yahoo! has been notified and a fixed version is available for download here.

First up, an unchecked buffer which enables any URL beginning with 'ymsgr:' to call ypager.exe, crash it and run malicious code if the messenger is integrated with the browser. All that's needed is 268 bytes to overflow the buffer, and exploit code can be loaded with the user's level of privilege. The 'call', 'sendim', 'getimv', 'chat', 'addview' and 'addfriend' function calls can be exploited, Nguyen says.

Next up a problem with the 'addview' feature which enables the messenger to view Web content on its own. This is vulnerable to freaky URLs and malicious JavaScript and VB script. Yahoo! content can be duplicated and malicious scripts embedded in the HTML to give an attacker numerous means to exploit a target. See Nguyen's original advisory for links to a couple of simple demonstrations (which I've not verified). Yahoo! has removed this particular 'feature' in the fixed version pending further engineering magic to make it safe, Nguyen says.
links:

http://download.yahoo.com/dl/installs/ymsgr/ymsgr_1065.exe
http://viceconsulting.com/cons/servs/infosec/yimvul001/alert00.html

#7792 05/30/02 01:08 PM
Joined: Mar 2002
Posts: 11
B
Junior Member
Junior Member
B Offline
Joined: Mar 2002
Posts: 11
what the hell just happen to the page? eek eek eek

#7793 05/30/02 08:42 PM
Joined: Feb 2002
Posts: 7,204
Likes: 11
Community Owner
Community Owner
Joined: Feb 2002
Posts: 7,204
Likes: 11
his [code] tags


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#7794 05/31/02 04:45 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
ya, if UBB would just topalign and leftalign all of it's message TD tags than things would look a lot better - even with Learner's code tags.

Or, if that's not the problem, then instead of embedding tables within another, then just use one large table so that all the elements would line up.


Domain Registration, Hosting, Management
http://www.dollardns.net
#7795 05/31/02 12:07 PM
Joined: Mar 2002
Posts: 533
Enforcement Admin
Enforcement Admin
Joined: Mar 2002
Posts: 533
Okay... Which one of you little brats screwed up the formatting of the UBB table? *takes off belt abd folds it in half*


Link Copied to Clipboard
Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,204
Joined: February 2002
Forum Statistics
Forums41
Topics33,839
Posts68,797
Members2,177
Most Online73,244
Nov 9th, 2025
Latest Postings
Top Posters
UGN Security 41,392
Gremelin 7,204
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
unreal 1
Crime 1
Ice 1
Dartur 1
Powered by UBB.threads™ PHP Forum Software 8.0.0