Showing posts with label yahoo messenger. Show all posts
Showing posts with label yahoo messenger. Show all posts

Mar 2, 2008

[Geeky Guide] Contact the Geek!

Flickr: Daniel F. Pigatto - Pidgin: diga ADEUS ao Live Messenger!
Pidgin: diga ADEUS ao Live Messenger! by Daniel F. Pigatto.


Since I'm going to be in the US this April, I thought it might be prudent to post my contact information in case any geeks in the Los Angeles area wanted to meet up, at least you'd be able to reach me. Besides, it's bound to help with further associating this blog with my personally.

Rocky Sunico
Primary Email - rgsunico [at] gmail.com
YM / Skype / Twitter / AIM - rgsunico
MSN - rgsunico [at] gmail.com
Personal Blog - Beyond Dinobot Island
Multiply - Moonbase 8
Geeked Out by Rocky Sunico at 19:40 0 comments
Tags: , , , , , , , ,

Sep 27, 2007

[Security] A Yahoo! Messenger vulnerability?

Trend Micro reports that a new proof-of-concept (PoC) code that exploits a feature (vulnerability?) in Yahoo! Messenger exists. The code exploits a feature in a certain DLL file to download a file. Malware authors can leverage on the said DLL file to download malware. According to the report, the exploit works on the latest version of the popular messaging client.

From the report:

Based on testing done in Windows XP SP2 with the latest version of Yahoo! Messenger (8.1.0.421) using the said DLL component, programs or Web sites using the CLSID related to the said DLL can download files from the Internet. Users can be lead to malicious/non-malicious sites that will first prompt for an ActiveX warning. When users allow the said ActiveX component to execute, FT60.DLL downloads files specified by the program or Web site.


It will be hard to lead a user to a Web site and then fool the user to allow an unknown ActiveX component to run. But it can be done. Users are advised to be careful when clicking on links sent via IM or installing applications from untrusted sources.

Whether a malware will leverage on this remains to be seen.
Geeked Out by Prince Heinell at 16:11 0 comments
Tags: , , ,

Aug 15, 2007

[Security] Possible Zero-Day Problem for YM (UPDATED)

Heads up for Yahoo! Messenger users. McAfee Avert Labs Blog reports about a potential zero-day vulnerability for your favorite instant messenger. While no exploit is known or is in the wild, it always pays to be extra careful.

No details are available as of this time.

(Yes, I know, it is hard to be careful against something you do not know. There are ways in keeping yourself safe. Try using Web-based YM in the meantime. Or don't click on links being sent via YM.)

UPDATE:

McAfee Avert Labs Blog has posted an update and has confirmed the existence of the vulnerability, which involves YM Web cam. They have posted the following mitigating measures:

1. Don't accept Web cam invites from untrusted sources until a patch for this is released.
2. It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability. (If unsure about port blocking, just follow number 1, above.)
Geeked Out by Prince Heinell at 13:29 4 comments
Tags: , ,
Subscribe to: Posts (Atom)