Security of Yahoo PM ? - 05/20/02 07:37 PM
I was wondering if Yahoo PM or private chat rooms are subject to cracking?
Re: Security of Yahoo PM ? - 05/20/02 09:31 PM
There is always a possibility of cracking/hacking to anything anywhere, I believe that Yahoo did have a problem some time ago with cracking, but I'm not sure if they fixed their breach.
Re: Security of Yahoo PM ? - 05/20/02 11:16 PM
I said it before, and I'll say it again. NOTHIN is secure in networking. If you can unlock it for privilaged users, then you can crack it. It is that simple. Security is a matter of path of least resitance and obsurity.
If you are more secure than jimmy over there, most will go for jimmy. If his weaknesses are published and yours aren't. He is most likely to get hacked. However, you can stil be hacked. Every program every computer can be hacked. This may stop with the introduction of the q-bit. But probably not. <img border="0" alt="[Angel]" title="" src="graemlins/angel.gif" />
If you are more secure than jimmy over there, most will go for jimmy. If his weaknesses are published and yours aren't. He is most likely to get hacked. However, you can stil be hacked. Every program every computer can be hacked. This may stop with the introduction of the q-bit. But probably not. <img border="0" alt="[Angel]" title="" src="graemlins/angel.gif" />
Re: Security of Yahoo PM ? - 05/30/02 08:04 PM
sorry about the messed up page. here's the link instead:
http://viceconsulting.com/cons/servs/infosec/yimvul001/alert00.html
http:/
Re: Security of Yahoo PM ? - 05/30/02 08:06 PM
sorry i had to post it like that. it had some "<" and the bbs wouldnt allow that.
heres another one.
Yahoo! Messenger! multiple! vulns!
By Thomas C Greene in Washington
Posted: 28/05/2002 at 09:08 GMT
There are two new Yahoo Instant Messenger (YIM) vulnerabilities which can potentially compromise a user's machine, Vietnamese researcher Phuong Nguyen has discovered. Yahoo! has been notified and a fixed version is available for download here.
First up, an unchecked buffer which enables any URL beginning with 'ymsgr:' to call ypager.exe, crash it and run malicious code if the messenger is integrated with the browser. All that's needed is 268 bytes to overflow the buffer, and exploit code can be loaded with the user's level of privilege. The 'call', 'sendim', 'getimv', 'chat', 'addview' and 'addfriend' function calls can be exploited, Nguyen says.
Next up a problem with the 'addview' feature which enables the messenger to view Web content on its own. This is vulnerable to freaky URLs and malicious JavaScript and VB script. Yahoo! content can be duplicated and malicious scripts embedded in the HTML to give an attacker numerous means to exploit a target. See Nguyen's original advisory for links to a couple of simple demonstrations (which I've not verified). Yahoo! has removed this particular 'feature' in the fixed version pending further engineering magic to make it safe, Nguyen says.
links:
http://download.yahoo.com/dl/installs/ymsgr/ymsgr_1065.exe
http://viceconsulting.com/cons/servs/infosec/yimvul001/alert00.html
heres another one.
Quote:
Yahoo! Messenger! multiple! vulns!
By Thomas C Greene in Washington
Posted: 28/05/2002 at 09:08 GMT
There are two new Yahoo Instant Messenger (YIM) vulnerabilities which can potentially compromise a user's machine, Vietnamese researcher Phuong Nguyen has discovered. Yahoo! has been notified and a fixed version is available for download here.
First up, an unchecked buffer which enables any URL beginning with 'ymsgr:' to call ypager.exe, crash it and run malicious code if the messenger is integrated with the browser. All that's needed is 268 bytes to overflow the buffer, and exploit code can be loaded with the user's level of privilege. The 'call', 'sendim', 'getimv', 'chat', 'addview' and 'addfriend' function calls can be exploited, Nguyen says.
Next up a problem with the 'addview' feature which enables the messenger to view Web content on its own. This is vulnerable to freaky URLs and malicious JavaScript and VB script. Yahoo! content can be duplicated and malicious scripts embedded in the HTML to give an attacker numerous means to exploit a target. See Nguyen's original advisory for links to a couple of simple demonstrations (which I've not verified). Yahoo! has removed this particular 'feature' in the fixed version pending further engineering magic to make it safe, Nguyen says.
http:/
http:/
Re: Security of Yahoo PM ? - 05/30/02 08:08 PM
what the hell just happen to the page? 
Re: Security of Yahoo PM ? - 05/31/02 03:42 AM
his [code] tags
Re: Security of Yahoo PM ? - 05/31/02 11:45 AM
ya, if UBB would just topalign and leftalign all of it's message TD tags than things would look a lot better - even with Learner's code tags.
Or, if that's not the problem, then instead of embedding tables within another, then just use one large table so that all the elements would line up.
Or, if that's not the problem, then instead of embedding tables within another, then just use one large table so that all the elements would line up.
Re: Security of Yahoo PM ? - 05/31/02 07:07 PM
Okay... Which one of you little brats screwed up the formatting of the UBB table? *takes off belt abd folds it in half*