Tag - .info
Microsoft release a statement about .info blocking
on Wed 15 Aug 2007 (12:20 GMT)
on Wed 15 Aug 2007 (12:20 GMT)
After the disaster of blocking .info domains a couple of weeks ago and the attention it got, Microsoft have released a statement justifying their reasons behind the controversial security method:
Personally, despite the reasons behind the block still not valid in my opinion, the sloppiness of the feature has been changed so not every message with '.info' within it is blocked. Now '.info' is only blocked in things that Messenger recognises as URLs and turns into clickable, blue links. The user will also be notified that their message never went through, but they will not receive an explanation why.
Any virus creator can just encode the URL or use services such as TinyURL to work around this. The people losing out are me and you, who need to send non-dangerous messages to our friends and work colleagues every day.
I still believe things should be blocked on a case by case basis (if not blocked at all). The feature is still poorly implemented, but after the attention of the past week hopefully something will be done soon.
For me it wasn't that much of an annoyance, I've been receiving a swarm on hits since all this was revealed, maybe I should stop complaining?
>> Source: mess.be
In order to prevent the spread of a malicious advertising effort that included Windows Live Messenger accounts as targets, Microsoft took steps to block instant messages that include the words '.info' and a few additional key words to protect our customers. The targeted accounts were sent either info or another URL, which led to a website asking them to provide their Windows Live user id and password. If the customer provided that information, the user's complete contact list also received a message with the domain site link. This was not a Microsoft sponsored effort, and in order to prevent the spread of it through our service, instant messages that include the words '.info' and a few additional key words have been blocked. This action may block some safe, reputable sites and we apologize for any inconvenience this may cause our customers, however, given the circumstances this action was necessary. In an effort to remedy this moving forward, Microsoft continues to investigate other ways to protect our consumers from this threat.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Personally, despite the reasons behind the block still not valid in my opinion, the sloppiness of the feature has been changed so not every message with '.info' within it is blocked. Now '.info' is only blocked in things that Messenger recognises as URLs and turns into clickable, blue links. The user will also be notified that their message never went through, but they will not receive an explanation why.
Any virus creator can just encode the URL or use services such as TinyURL to work around this. The people losing out are me and you, who need to send non-dangerous messages to our friends and work colleagues every day.
I still believe things should be blocked on a case by case basis (if not blocked at all). The feature is still poorly implemented, but after the attention of the past week hopefully something will be done soon.
For me it wasn't that much of an annoyance, I've been receiving a swarm on hits since all this was revealed, maybe I should stop complaining?
>> Source: mess.be
Exposed: what Microsoft don't want you to receive
on Thu 09 Aug 2007 (14:14 GMT)
on Thu 09 Aug 2007 (14:14 GMT)
After the recent news that Microsoft is now censoring users of its instant messaging software from receiving messages containing .info, as well as things like .pif which they were already blocking, I decided to do some research to find out what else they think could pose a security risk to you and your computer and censor.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
Messenger team block all .info domains being sent over Messenger
on Tue 31 Jul 2007 (14:59 GMT)
on Tue 31 Jul 2007 (14:59 GMT)
The Messenger team have gone crazy with security now. They have entered a huge paranoid state which requires sloppy programming to prevent viruses spreading across the Messenger network. They have blocked all URLs containing the popular .info domain.
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be