Exposed: what Microsoft don't want you to receive


Posted by the andyman on Thu 09 Aug 2007 (14:14 GMT) (10696 views)
After the recent news that Microsoft is now censoring users of its instant messaging software from receiving messages containing .info, as well as things like .pif which they were already blocking, I decided to do some research to find out what else they think could pose a security risk to you and your computer and censor.

The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.

Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.

Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.

View the image of the list of censored strings

If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
6 comments87 trackbacks

Tags:     Blocking  Censorship  Security    

Did you like this news post? You can get all the latest articles at msgstuff.com in your email inbox each morning by entering your email address below. Your address will only be used for mailing you the articles, and each one will include a link so you can unsubscribe at any time. If you have an RSS reader, I recommend you subscribe to the Full RSS Feed

Comments:

Similar Posts




Comment by TheSteve
Posted on Mon 20 Aug 2007 (06:49 GMT)
Anyone else find it strange that '.p' is apparently blocked yet things like '.png' and most '.php' can get through whilst '.pif' doesn't ...

There appears to be a problem with the program you used to get this blocked extensions. It appears to occasionally chop of a few characters. For example: .p and .s should really be .pif and .scr.


Comment by the andyman
Posted on Tue 14 Aug 2007 (09:31 GMT)
@Alex131089 We noticed the removal of .info and the new link-only .info detection and warning thing yesterday afternoon, looks like it's left to me to post about it though!


Comment by Alex131089
Posted on Tue 14 Aug 2007 (01:41 GMT)
Here's the list using MSNP16 protocol : [url]http://img356.imageshack.us/my.php?image=blockedlistjm4.png[/url]
And using the MSNP11 protocol (need authentification) : [url]http://img382.imageshack.us/my.php?image=blockedlistmsnp11li8.png[/url]

It appear they are the same, but since few days, microsoft removed the .info regex (which is still blocked), and replaced it by a new server verification : is the blocked word is in a link, the server notify the client that the message can't be delivered.
Try to send http://.info and .info ...


Comment by Dane
Posted on Mon 13 Aug 2007 (20:58 GMT)
Yeah, http://www.stuffplug.com/temp/downgrdr.exe WAS a virus that was hacked onto the domain without the creators authorization...im surprised it made it there.


Comment by the andyman
Posted on Fri 10 Aug 2007 (12:08 GMT)
@andrewdodd13 I think it's some old file (possibly one of the ones that allowed non-testers to use the first few builds of WLM8 by downgrading the signin protocol from MSNP13 to MSP12) but it doesn't actually exist any more so is just clogging up the list really.

Anyone else find it strange that '.p' is apparently blocked yet things like '.png' and most '.php' can get through whilst '.pif' doesn't ...


Comment by andrewdodd13
Posted on Fri 10 Aug 2007 (10:38 GMT)
Looking over the list... did anyone notice stuffplug.com/temp/downgrdr.exe is blocked?

What was that supposed to be?

Add Comment:

When you post a successful comment please check your inbox where there will be an email containing a link to activate your comment. There are some issues with the comments system at the moment. If you entered any invalid information you won't receive an email.


Your Name
Your Email Address
(Never Displayed)
Your Website
(Not Required)
Message



Type the value in the image above
Notify me of further comments Yes