Aug 15, 2007

[Security] Possible Zero-Day Problem for YM (UPDATED)

Heads up for Yahoo! Messenger users. McAfee Avert Labs Blog reports about a potential zero-day vulnerability for your favorite instant messenger. While no exploit is known or is in the wild, it always pays to be extra careful.

No details are available as of this time.

(Yes, I know, it is hard to be careful against something you do not know. There are ways in keeping yourself safe. Try using Web-based YM in the meantime. Or don't click on links being sent via YM.)


McAfee Avert Labs Blog has posted an update and has confirmed the existence of the vulnerability, which involves YM Web cam. They have posted the following mitigating measures:

1. Don't accept Web cam invites from untrusted sources until a patch for this is released.
2. It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability. (If unsure about port blocking, just follow number 1, above.)


  1. Hey Rocky!
    I have a question.
    I know that you're kind of an expert with gadgets too. I just wanna know what makes a 'clone' laptop different from branded ones like lenovo etc. I bought an ECS a few months ago and it's workign fine. When I saw the new Compaq laptops and their corresponding prices, I just began to wonder why they were priced too high and what is the difference?

    Sorry off-topic.

  2. Well, it's like asking the difference between Coke and Pop Cola or Colgate and Family or something. So-called generic brands are theoretically just as good but of course without the benefit of a brand, one cannot really provide a "track record" of performance over time.

    So when you pay more, you're paying (theoretically) for quality based on that company's past performance.

  3. I think ECS is not a generic brand; it offers models that are more expensive than their corresponding Acer models.

    But yes, you pay extra for the so-called brand's quality and reliability.

  4. Hello Rocky:

    following your twitter; it's nice to see that you did achieve some happiness several hours ago.