Tag - Block
Some things we've missed: July catchup
on Mon 14 Jul 2008 (20:26 GMT)
on Mon 14 Jul 2008 (20:26 GMT)
New is slow, but it has been happening, while all this time I have been busy. So I think it's time for a catch-up post!
i'm Initiative concerns:
mess.be have discovered Microsoft have raised $1.5 million on the i'm Initiative campaign since its launch sixteen months ago. However, in ads on just one new campaign, the Talkathon Microsoft have spent $5 million! One could argue Microsoft aren't really raising money for charity, but are attempting to portray themselves in a favourable light to users, which in my book is a big no no.
TinyURL blocked:
The 3rd party company in charge of stopping viruses spreading though Messenger have come under fire again, when they blocked TinyURL links within messages. The system has been controversial since it blocked websites containing .info domains, or entire websites such as YouTube and eBuddy. The system is also ineffective as there are workarounds virus creators can implement and the poor coding means it slows down Messenger. This is probably not the last we will hear of the crazy blocking system either.
MessengerDiscovery Live update:
Version 1.5 brings webcam recordings, encrypted messages, pinable contacts and skinable alerts. Download the update from the official website. As always MessengerDiscovery is feature rich, containing many new and wonderful ideas. It is just a shame they are coded sloppy and this update continues that trend.
MSN Messenger UK stats: - Source
So there we are, a nice little wrap up of the news over the past week or so, but don't worry there is still more to come, some of which is more interesting than this dribble. But being honest, with no development updates, news has been and will remain slow until when Windows Live Messenger 9 is near ready.
i'm Initiative concerns:
mess.be have discovered Microsoft have raised $1.5 million on the i'm Initiative campaign since its launch sixteen months ago. However, in ads on just one new campaign, the Talkathon Microsoft have spent $5 million! One could argue Microsoft aren't really raising money for charity, but are attempting to portray themselves in a favourable light to users, which in my book is a big no no.
TinyURL blocked:
The 3rd party company in charge of stopping viruses spreading though Messenger have come under fire again, when they blocked TinyURL links within messages. The system has been controversial since it blocked websites containing .info domains, or entire websites such as YouTube and eBuddy. The system is also ineffective as there are workarounds virus creators can implement and the poor coding means it slows down Messenger. This is probably not the last we will hear of the crazy blocking system either.
MessengerDiscovery Live update:
Version 1.5 brings webcam recordings, encrypted messages, pinable contacts and skinable alerts. Download the update from the official website. As always MessengerDiscovery is feature rich, containing many new and wonderful ideas. It is just a shame they are coded sloppy and this update continues that trend.
MSN Messenger UK stats: - Source
MSN Messenger has topped a group of 10 websites and applications which account for 30 per cent of the UK internet use.
Web users spend 2.6billion minutes a month on MSN, almost eight per cent of the UK's total of 33billion minutes.
EBay, Facebook, Google and iTunes are among the other "500 club" - sites who see users log at least 500million minutes online.
Web users spend 2.6billion minutes a month on MSN, almost eight per cent of the UK's total of 33billion minutes.
EBay, Facebook, Google and iTunes are among the other "500 club" - sites who see users log at least 500million minutes online.
So there we are, a nice little wrap up of the news over the past week or so, but don't worry there is still more to come, some of which is more interesting than this dribble. But being honest, with no development updates, news has been and will remain slow until when Windows Live Messenger 9 is near ready.
Microsoft: don't blame us for YouTube block on Messenger
on Mon 12 May 2008 (16:05 GMT)
on Mon 12 May 2008 (16:05 GMT)
Although it doesn't always seem like it, the Windows Live Messenger team like to take care of their customers. Getting someone in at the weekend to remove a stupid message block and now explaining what went wrong.
Dharmesh Mehta, a lead on the Windows Live Messenger product management team who's emerging as something of a regular poster at MessengerSays (the official Windows Live Messenger team blog), has given an apology and some details of why YouTube was blocked for several hours last weekend.
The main things that worry me about what is said here are:
- one, how much of our messages are this third party seeing - there are severe privacy issues surrounding this, do the company only get sent URLs that appear in messages or all of our messages? how much control does Microsoft have over this? and why if "manually checking the URL" happens did someone still think to block YouTube.com?;
- and two, why does it take an uproar like this to get a website "unblocked" - while other legitimate websites are still blocked.
>> Post at "Inside Windows Live Messenger" blog (aka MessengerSays)
>> Send the Messenger team feedback
Dharmesh Mehta, a lead on the Windows Live Messenger product management team who's emerging as something of a regular poster at MessengerSays (the official Windows Live Messenger team blog), has given an apology and some details of why YouTube was blocked for several hours last weekend.
As some of you noticed, we had a problem from Friday night to Saturday morning where our Messenger service was incorrectly blocking some legitimate IP addresses. We sincerely apologize for any difficulties this caused our users. And we want to thank those of you that reported this problem to us so that we could quickly fix it. Because of your help, the incorrect block was only in place for a few hours.
As you can imagine, we are very serious about our efforts to block virus, malware and other harmful URLs from being passed on to our users. And we're continually working to improve this process so that we can keep our users safe without having a negative impact on your Messenger service.
There have been some pretty outlandish speculations on what happened so I'd like to give you some facts about our process for trying to block unsafe URLs and about what happened Friday night:
As always, we're open to feedback on how to make Messenger an even greater service. And again, our apologies to the users that were impacted by this.
As you can imagine, we are very serious about our efforts to block virus, malware and other harmful URLs from being passed on to our users. And we're continually working to improve this process so that we can keep our users safe without having a negative impact on your Messenger service.
There have been some pretty outlandish speculations on what happened so I'd like to give you some facts about our process for trying to block unsafe URLs and about what happened Friday night:
- There are a number of factors that can be used to determine whether a URL is potentially harmful: number of times a URL is sent, the frequency of the URL being sent, the number of accounts the URL is sent from, manually checking the URL, comparing with other "block lists", etc.
- When a URL is deemed harmful, a block can be instated for a specific URL (i.e. www.domain.com/page) or an entire domain (i.e. *.domain.com)
- This entire process for Messenger is managed by a 3rd party that is a Microsoft partner
- On Friday, Microsoft did not request to block any of the URLs that were accidentally blocked
The blocks were made by our partner as a result of their process to block harmful URLs - We are still investigating the specific reason our partner made these incorrect blocks and we will work with them to improve their process for detecting harmful URLs while not blocking safe ones
As always, we're open to feedback on how to make Messenger an even greater service. And again, our apologies to the users that were impacted by this.
The main things that worry me about what is said here are:
- one, how much of our messages are this third party seeing - there are severe privacy issues surrounding this, do the company only get sent URLs that appear in messages or all of our messages? how much control does Microsoft have over this? and why if "manually checking the URL" happens did someone still think to block YouTube.com?;
- and two, why does it take an uproar like this to get a website "unblocked" - while other legitimate websites are still blocked.
>> Post at "Inside Windows Live Messenger" blog (aka MessengerSays)
>> Send the Messenger team feedback
Too far now: Messenger blocks links to ebuddy.com
on Sat 12 Apr 2008 (12:13 GMT)
on Sat 12 Apr 2008 (12:13 GMT)
Microsoft have been known for blocking links stupidly in the past. But I think this one takes the bullet ... you can now longer receive links to to the hit web messenger eBuddy within Messenger! mess.be had this to say on the issue:
Microsoft have made a mistake from blocking things from day one, it is an inefficient system that was poorly coded and even made Messenger slower. Blocking one of the most successful services to take advantage of their product was an error of judgement and like I said last week Microsoft don't seem to be pleasing those who work closely with their products.
>> Source: mess.be
A considerable number of people may have, for whatever reason, reported the popular web-based IM client through the Report abuse option that's sitting in every "Help" menu since version 8.1. But I'm not even seeing those hardly annoying, automated "I'm using eBuddy.com!" messages anymore.
Or perhaps Microsoft just accidentally blocked the site of a competitor... again. But while last week's mistake was corrected in less than a day, the ban on eBuddy.com has first been noticed by Messer Bram already last Wednesday.
Either way, it's probably yet another example of a safe URL being blocked as part of Messenger's inefficient worms and SPIM filter. Both parties were contacted and I'm awaiting their reaction.
Or perhaps Microsoft just accidentally blocked the site of a competitor... again. But while last week's mistake was corrected in less than a day, the ban on eBuddy.com has first been noticed by Messer Bram already last Wednesday.
Either way, it's probably yet another example of a safe URL being blocked as part of Messenger's inefficient worms and SPIM filter. Both parties were contacted and I'm awaiting their reaction.
Microsoft have made a mistake from blocking things from day one, it is an inefficient system that was poorly coded and even made Messenger slower. Blocking one of the most successful services to take advantage of their product was an error of judgement and like I said last week Microsoft don't seem to be pleasing those who work closely with their products.
>> Source: mess.be
Microsoft release a statement about .info blocking
on Wed 15 Aug 2007 (12:20 GMT)
on Wed 15 Aug 2007 (12:20 GMT)
After the disaster of blocking .info domains a couple of weeks ago and the attention it got, Microsoft have released a statement justifying their reasons behind the controversial security method:
Personally, despite the reasons behind the block still not valid in my opinion, the sloppiness of the feature has been changed so not every message with '.info' within it is blocked. Now '.info' is only blocked in things that Messenger recognises as URLs and turns into clickable, blue links. The user will also be notified that their message never went through, but they will not receive an explanation why.
Any virus creator can just encode the URL or use services such as TinyURL to work around this. The people losing out are me and you, who need to send non-dangerous messages to our friends and work colleagues every day.
I still believe things should be blocked on a case by case basis (if not blocked at all). The feature is still poorly implemented, but after the attention of the past week hopefully something will be done soon.
For me it wasn't that much of an annoyance, I've been receiving a swarm on hits since all this was revealed, maybe I should stop complaining?
>> Source: mess.be
In order to prevent the spread of a malicious advertising effort that included Windows Live Messenger accounts as targets, Microsoft took steps to block instant messages that include the words '.info' and a few additional key words to protect our customers. The targeted accounts were sent either info or another URL, which led to a website asking them to provide their Windows Live user id and password. If the customer provided that information, the user's complete contact list also received a message with the domain site link. This was not a Microsoft sponsored effort, and in order to prevent the spread of it through our service, instant messages that include the words '.info' and a few additional key words have been blocked. This action may block some safe, reputable sites and we apologize for any inconvenience this may cause our customers, however, given the circumstances this action was necessary. In an effort to remedy this moving forward, Microsoft continues to investigate other ways to protect our consumers from this threat.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Microsoft recommends that Windows Live Messenger users do not provide their account information to third-party sites. To learn more about how to recognize a social engineering threat, more information is available at http://www.microsoft.com/athome/security/email/socialengineering.mspx. In addition, Microsoft continues to encourage people to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Personally, despite the reasons behind the block still not valid in my opinion, the sloppiness of the feature has been changed so not every message with '.info' within it is blocked. Now '.info' is only blocked in things that Messenger recognises as URLs and turns into clickable, blue links. The user will also be notified that their message never went through, but they will not receive an explanation why.
Any virus creator can just encode the URL or use services such as TinyURL to work around this. The people losing out are me and you, who need to send non-dangerous messages to our friends and work colleagues every day.
I still believe things should be blocked on a case by case basis (if not blocked at all). The feature is still poorly implemented, but after the attention of the past week hopefully something will be done soon.
For me it wasn't that much of an annoyance, I've been receiving a swarm on hits since all this was revealed, maybe I should stop complaining?
>> Source: mess.be
Exposed: what Microsoft don't want you to receive
on Thu 09 Aug 2007 (14:14 GMT)
on Thu 09 Aug 2007 (14:14 GMT)
After the recent news that Microsoft is now censoring users of its instant messaging software from receiving messages containing .info, as well as things like .pif which they were already blocking, I decided to do some research to find out what else they think could pose a security risk to you and your computer and censor.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
Messenger team block all .info domains being sent over Messenger
on Tue 31 Jul 2007 (14:59 GMT)
on Tue 31 Jul 2007 (14:59 GMT)
The Messenger team have gone crazy with security now. They have entered a huge paranoid state which requires sloppy programming to prevent viruses spreading across the Messenger network. They have blocked all URLs containing the popular .info domain.
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be