Non-so-speedy-speedlinking: June catchup
Posted by absorbation on Wed 23 Jun 2010 (13:37 GMT) (25539 views)
I would like to start this post by apologizing for not writing a single piece of news for over a month. The exams period took its tole, but now the summer is here I can once again focus on regular news updates. There has been various stories arising over the past month, so consider this a catch-up post to give you a brief overview of what you may have missed.

Messenger integrates with Kinect: Microsoft's E3 press conference last week demoed a highly polished and interesting way to communicate to your Messenger contacts - without a keyboard, mouse or even a controller. Microsoft's focus of the show, Kinect (previously known as Project Natal) is its motion sensing camera that is designed to transform how webcam chat will work over Xbox Live. The development team claim this is part of a wider transformation of its webcam system over to high-definition. [Read more]

Sharing your search results: Microsoft have further integrated its new search engine, Bing into Windows Live Messenger. You can now let your contacts know your search results, via an instant message or via a status update. [Read more]

BBC iPlayer integrates with Messenger: Yet more integration news. The BBC's flagship Internet streaming service has expanded to allow chatting to your Messenger friends from within your web browser, allowing you to watch TV and chat online simultaneously. In order to use the feature, you must enable the new beta interface.

The MessengerSays blog closes: The official Messenger development blog has come to an end, in favor of a non-specific Windows, which posts on a more regular basis. The MessengerSays blog will be missed, after coming to life at a similar time as MsgStuff. It has always been a more personal side to Messenger development. [Read more]

Webcam feature receives update: Mynetx has discovered the leaked build of Windows Live Messenger 2011 has been dynamically improved in terms of user-friendliness and quality. [Read more]

Public beta due Thursday? Rumors have stated that a public beta was due in June this year, but this week has seen several sources suggesting a public beta of Windows Live Essentials Wave 4 is due tomorrow (Thurs 24th).

Messenger now has three specific contact list styles: Wave 4 has seen extensive social networking integration, with the social pane playing an important role in re-designing the contact list. Although the classic design can still be enabled, yesterday revealed the classic design can now hold two columns of contacts, while re-positing other features within the list:

Webcam messaging now available in eBuddy
Posted by absorbation on Sun 10 May 2009 (17:44 GMT) (10947 views)
Web messengers used to be simple web tools for providing basic text chat when you are away from your personal computer. These days, however they are so much more, delivering just as many features as a desktop client would. In keeping with this modern trend, eBuddy has developed a webcam chat feature right from your web browser for use with several IM clients.

Simply open a chat, click the webcam button and you are ready to go! It doesn’t matter if your friends are on eBuddy, MSN, Yahoo! or Facebook; you will always be able to start a webcam session with them. All you need is a webcam!

The feature works well and is incredibly easy to use with the same functionality as you would expect from your normal IM client. To think even Microsoft Messenger for Mac doesn't even support audio or video chat is remarkable and yet a third party web messenger is doing a great job of it. As always this leaves us with speculation to what eBuddy is going to do for its next trick.

Source: eBuddy blog
View details of the new webcam feature at

Text ads appearing during webcam loading
Posted by anileator on Thu 08 Nov 2007 (22:40 GMT) (2547 views)
It appears that text based Ads have started to appear in the webcam area whilst initiating a video enabled conversation. The text in blue is a standard link and you are able to highlight and click it to open the targeted site.

My criticism would be is this really targeted and would be successful?
After all on a good connection the ad is only displayed for a few seconds at most, and I wouldn't imagine that people initiating in webcam conversations are the ideal target audience for loans. Normally the adverts in this loading space are for webcam's and headsets, this suits perfectly and is pretty well targeted.

Can we expect more of these text ads to come?

A web messenger with webcam! We bring you ... IMO
Posted by Nathan on Sat 27 Oct 2007 (16:54 GMT) (136348 views)
Have you ever noticed that the popular web messengers never have webcam functionality? Well we received an email from informing us of a large update to their web messenger.

After exploring IMO's features I can tell you it is very basic but the potential it has is huge. It is the only web messenger I know of that has webcam support. Its interface has potential, I think it just needs a designer to spice it up. The simple, compact design makes it a great portable web messenger fully implemented with JavaScript and a secure connection.

Before you login you have the opportunity to use other IM systems such as Google Talk, Yahoo! Messenger and AIM. On login it will put the contact list to one side and on the other side there is an input box allowing you to log into a second account.

Currently the main features are:

  • The ability to use webcam
  • Add a custom status
  • Search Buddies
  • Add Buddies
  • Delete Buddies
  • Use more than one account
  • Use different IM's
  • And the ability to link your accounts

This is only the alpha version so be sure to keep checking back because new features will be springing up soon (I, myself have suggested a few).

Visit the IMO homepage

Another security flaw crops up in Messenger
Posted by absorbation on Wed 26 Sep 2007 (21:25 GMT) (2850 views)
Again a 'highly critical' security flaw has appeared, this time in Windows Live Messenger specific to the sharing folders feature. Similar to the webcam flaw, the problem is caused by a 'buffer overflow' however, this time the exploit only effects Windows Live Messenger users and won't spark as much criticism if a forced update was to be in implemented.

Again this is only a risk if you accept sharing folders with people you do not trust and there is no known virus spreading:

The attacker can 'Create a sharing folder' for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.

The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.

Nevertheless Microsoft are tough on security flaws, let's just hope there are no stupid decisions this time around.


'Phase 2' of forced upgrade now in progress
Posted by absorbation on Sun 23 Sep 2007 (21:05 GMT) (2729 views)
Microsoft have began 'phase 2' of updating Windows users to the fixed builds of MSN/ Windows Live Messenger. Now users using Windows 95 to Windows 2000 will have to update to MSN Messenger 7.0.0820:

In the second phase, we are turning on the Mandatory Security Upgrades for Windows 2000, Windows 98, Windows 98 SE, and Windows ME. As noted in the security bulletin, we have built a new version of MSN Messenger 7.0, build number 7.0.0820, that will run on Windows 2000. This version of MSN Messenger has also been tested for Windows 98, Windows 98 SE, and Windows ME. Users should expect these upgrades to start soon.

To recap, the set of Messenger clients that do not have the webcam security vulnerability are:

  • Windows Live Messenger 8.1 (for XP and Vista)
  • MSN Messenger 7.0.0820 (for Windows 2000 and Windows 98, SE, ME)
  • Windows Messenger – all versions (XP only)
  • MSN Messenger 5.0 for Windows 95.
  • Microsoft Messenger for Macintosh (all versions)
and ... Windows Live Messenger 8.5 which many of you are using in beta form.

What I find interesting is that Microsoft are still forcing the update despite the high amount of criticising comments left on the MessengerSays blog.

XP users forced to use Windows Live Messenger to prevent webcam exploit
Posted by absorbation on Tue 11 Sep 2007 (16:44 GMT) (31962 views)
In an update to the Messenger webcam security flaw, Microsoft have, on 'Patch Tuesday' implemented a security method to protect users from the exploit. Any Windows XP user using a Messenger client of version 8.0 or below will now be forced to update to Windows Live Messenger 8.1.

This still leaves other Windows users at risk, but this is just a temporary solution to the problem (I would hardly call this a huge security flaw anyway, it is hard to get any virus of this nature spreading). If anything I am more concerned about MSN Messenger users not wanting to use Windows Live Messenger as to some they are two different programs and a minority will want to keep using MSN Messenger.

If your wondering why this only applies to Windows XP users, it simply comes down to users of Windows 2000 and below are not compatible with newer versions of Messenger. I think we can expect some form of update for MSN Messenger 7.0 in the near furture.

'Highly critical' security vulnerability identified in MSN Messenger
Posted by absorbation on Thu 31 Aug 2007 (14:33 GMT) (32615 views)
Yahoo! Messenger may of had another recent security scare relating to vulnerabilities in its webcam system last week, but things were soon patched up and users were protected. Now it seems MSN Messenger and Windows Live Messenger 8.0 also have a similar problem.

The problem is caused by a 'buffer overflow' and to be honest it is nothing to worry about if you know the people who you are accepting webcam invitations from. The problem with this situation is a fix is already present for Windows Live Messenger, but MSN Messenger is still open to the security flaw.

So what does this mean for MSN Messenger? Well MSN Messenger is still a popular program, Microsoft still support it and you have to remember Windows Live Messenger is just an updated and re-branded MSN Mesenger. Forcing users to update to Windows Live Messenger would not be a wise move.

Zdnet managed to get a quote from a Microsoft spokesperson on the issue:

Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

This still shows Microsoft are still keen on MSN Messenger users and will support critical updates for the program. I expect a new build for MSN Messenger will be available within the near future.

Yahoo! Messenger security update fixes vulnerability
Posted by absorbation on Fri 24 Aug 2007 (17:31 GMT) (4989 views)
Last Saturday I posted about a Yahoo! Messenger vulnerability which targeted webcam users. Yahoo! have now released a security update fixing the exploit. Users are recommended to upgrade to the new build.

Even if you installed Yahoo! Messenger as recently as August 20th, 2007 you may not have the very latest version.

You can check to see if you have the latest version by clicking the 'Help' menu option at the top right of your Yahoo! Messenger window, and then clicking 'About Yahoo! Messenger' or 'Check for Updates'.

If your Yahoo! Messenger version number is (or higher) then you have the latest and do not need to take any immediate action. If you are running anything lower than then please upgrade to the latest version.

Source: Yahoo! Messenger blog

McAfee warns Yahoo! Messenger users of webcam exploit
Posted by absorbation on Sat 18 Aug 2007 (19:10 GMT) (11192 views)
The Yahoo! Messenger webcam feature has had security problems in the past resulting in a minor security update. This week a similar issue has been noted by McAfee warning Yahoo! Messenger users of a possible exploit:

It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.

We've been able to reach Yahoo! security team and have informed them about this issue.

We recommend the following to users using Yahoo! Messenger Webcam:

  1. Don't accept webcam invites from untrusted sources until a patch for this is released.
  2. It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.

Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.

View the post at avertlabs