Bill Knows how to share! He want's eveyone to share YOUR FILES!!!

[Daniel ~]

Just a snipent of the joys that await you! A must read!!!

From THE REGISTER!!
http://www.theregister.co.uk/content/4/24004.html

IE bug allows full MSN Messenger hijack
By Thomas C Greene in Washington
Posted: 09/02/2002 at 22:11 GMT


The recent privacy stuff-up in Messenger "pales in comparison to what can be done if you use MSN Messenger through unpatched IE vulnerabilities," security researchers Tom Gilder and Thor Larholm have discovered.

Among the fun and games one can have with a vulnerable Messenger user are such sports as impersonating the victim and sending spoof messages and spoof e-mail memos to his contacts, and scouring his local drive for interesting files to share around.

In other words, you can do anything with the victim's Messenger client that the owner can do.

A demonstration has been set up here.

http://www.theregister.co.uk/content/4/24004.html

[Holst]

God damnit.

That website pulled all my online contacts up and let me send a message to them.

It makes you sick..

Whats the point in running a firewall if M$ leave the door wide open with buggy software.

I cant decide if I should uninstall it or not ?
Is this thing a potential threat, or just a potential annoyance.

[Superman]

Hmmm. I never use MSN, so I uninstalled it long ago.

EDIT: Some of that other stuff on the site the Reg linked to is scary though.

[sfa ok]

It's bad and all, but just a reason to go and patch your IE. Or go with Mozilla. Personally, I don't use MSN messenger because I don't know anyone else who does.

[robbie]

at least it asked for a password for me.

Rob

[Ploaf]

It didn't load my contact list, but it did load "Windows" messenger and tried to load my contact list. I had used Zone Alarm in the past to disable all access for Messenger. I allowed it this time to see what would happend but I still denied server rights. I don't know if that helped or not, but it never did show my contact list. I have my settings on anal once again and messenger has no more rights to my connection.

[Wa11y]

Whee! I'm surfing the web with Konqueror right now! No more of Bubba's bull**** for me! Well, okay, I just go Linux installed and running an hour or two ago, but it's a step in the right direction.

I try to keep updated on all the IE security patches, but God knows it's a losing battle. MS just need to give up on making software suites, and just go back to the core OS. And focus on securing our assets, not just their own.

[Daniel ~]

Way to go Wally! My next machine's going to be Linux from the get go!

[Dave]

for some reason it didnt work for me... i think im patched up already (win2k, sp2 methinks)

[Ploaf]

I just downloaded an updated messenger and it doesn't suffer from this flaw anymore. It's just a matter of time before some other problem is found.

[Daniel ~]

Quote:

Originally posted by Ploaf
I just downloaded an updated messenger and it doesn't suffer from this flaw anymore. It's just a matter of time before some other problem is found.

Mind you a hell of a lot of people NEVER update their OS. They wait and buy a new machine.

[Holst]

Quote:

Originally posted by Ploaf
I just downloaded an updated messenger and it doesn't suffer from this flaw anymore. It's just a matter of time before some other problem is found.

I have all the updates and mine still gives out my contacts.
Im running win2k.

Ill try making zonalarm a bit harsher on MSN and see if that fixes it.

[nullCRC]

Do you have this update?