Tag - Webcam
It appears that text based Ads have started to appear in the webcam area whilst initiating a video enabled conversation. The text in blue is a standard link and you are able to highlight and click it to open the targeted site.
My criticism would be is this really targeted and would be successful?
After all on a good connection the ad is only displayed for a few seconds at most, and I wouldn't imagine that people initiating in webcam conversations are the ideal target audience for loans. Normally the adverts in this loading space are for webcam's and headsets, this suits perfectly and is pretty well targeted.
Can we expect more of these text ads to come?
My criticism would be is this really targeted and would be successful?
After all on a good connection the ad is only displayed for a few seconds at most, and I wouldn't imagine that people initiating in webcam conversations are the ideal target audience for loans. Normally the adverts in this loading space are for webcam's and headsets, this suits perfectly and is pretty well targeted.
Can we expect more of these text ads to come?
Good news for Windows XP users still wanting to use MSN Messenger. The new 7.0.0820 build released a couple of weeks ago now allows XP users to sign into it, without any hassle. Anand from the MessengerSays blog has this to say:
This is great news and it shows that the Messenger team are listening to its users.
>> Source: MessengerSays blog
We've seen feedback from several people that they would like to stay on a version of MSN Messenger. Given that many of us currently on the Windows Live Messenger team also worked on MSN Messenger for years, we can appreciate the sentiment. Based on this, we have a new option we hope you'll like.
For those of you on XP who are passionate about staying on MSN Messenger, we've now released the new, more secure build of MSN Messenger 7.0 build 0820 for Windows XP, and we recommend you install and use this build (rather than running MSN Messenger 7.5 on XP in Windows 2000 compatibility mode as we realize some of you are doing). If you currently have MSN Messenger 7.5 installed, we recommend you uninstall it via Add/Remove Program
For those of you on XP who are passionate about staying on MSN Messenger, we've now released the new, more secure build of MSN Messenger 7.0 build 0820 for Windows XP, and we recommend you install and use this build (rather than running MSN Messenger 7.5 on XP in Windows 2000 compatibility mode as we realize some of you are doing). If you currently have MSN Messenger 7.5 installed, we recommend you uninstall it via Add/Remove Program
This is great news and it shows that the Messenger team are listening to its users.
>> Source: MessengerSays blog
Again a 'highly critical' security flaw has appeared, this time in Windows Live Messenger specific to the sharing folders feature. Similar to the webcam flaw, the problem is caused by a 'buffer overflow' however, this time the exploit only effects Windows Live Messenger users and won't spark as much criticism if a forced update was to be in implemented.
Again this is only a risk if you accept sharing folders with people you do not trust and there is no known virus spreading:
Nevertheless Microsoft are tough on security flaws, let's just hope there are no stupid decisions this time around.
>> Source: mess.be
Again this is only a risk if you accept sharing folders with people you do not trust and there is no known virus spreading:
The attacker can 'Create a sharing folder' for its victim and then put the malformed file into the physical location of that folder on his hard drive (My Computer > My Sharing Folders > victim@hotmail.com). Note that if the attacker would drag & drop the file directly into the Messenger window, his own client would crash. Considering that the victim has accepted the sharing folder, the attacker can simply click the sharing icon to crash Windows Live Messenger, or even Windows XP entirely when the process isn't terminated in time. The victim then needs to delete the sharing folder entirely to cease the exploitation.
The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.
The vulnerability was discovered on the 20th of August 2007 and reported to Microsoft on the 23rd. The company responded one day later that it will address the issue in 'the next service pack'. Although there have been no reports yet of actual exploitation via this method, you should note that in order to protect yourself you should avoid sharing folders with contacts you don't trust.
Nevertheless Microsoft are tough on security flaws, let's just hope there are no stupid decisions this time around.
>> Source: mess.be
Microsoft have began 'phase 2' of updating Windows users to the fixed builds of MSN/ Windows Live Messenger. Now users using Windows 95 to Windows 2000 will have to update to MSN Messenger 7.0.0820:
What I find interesting is that Microsoft are still forcing the update despite the high amount of criticising comments left on the MessengerSays blog.
In the second phase, we are turning on the Mandatory Security Upgrades for Windows 2000, Windows 98, Windows 98 SE, and Windows ME. As noted in the security bulletin, we have built a new version of MSN Messenger 7.0, build number 7.0.0820, that will run on Windows 2000. This version of MSN Messenger has also been tested for Windows 98, Windows 98 SE, and Windows ME. Users should expect these upgrades to start soon.
To recap, the set of Messenger clients that do not have the webcam security vulnerability are:
To recap, the set of Messenger clients that do not have the webcam security vulnerability are:
- Windows Live Messenger 8.1 (for XP and Vista)
- MSN Messenger 7.0.0820 (for Windows 2000 and Windows 98, SE, ME)
- Windows Messenger – all versions (XP only)
- MSN Messenger 5.0 for Windows 95.
- Microsoft Messenger for Macintosh (all versions)
What I find interesting is that Microsoft are still forcing the update despite the high amount of criticising comments left on the MessengerSays blog.
As I predicted a couple of days ago a new build has been released for MSN Messenger 7.0, fixing a known webcam exploit. The update has come in to protect Windows users using Windows 2000 or below. XP users will be forced to upgrade to Windows Live Messenger 8.1 or higher.
Since the release there have been numerous requests by XP users who still want to keep MSN Messenger. Some people are very reluctant to use Windows Live Messenger for a variety if reasons. So what can you do to keep using MSN Messenger? Well there is a choice ...
First of all you could trick the Messenger protocol into keep using MSN Messenger, although there are no know tools for this yet you will probably see one crop up soon. The most common fixes are either changing the Messenger build number using resource hacker or selecting the compatibly mode when running the program (see screenshot).
Messenger MVP Sunshine had this to say on the issue:
Users should be promoted of the security update, but forcing users to switch to what seems like a new program is suicide for Messenger. I think things like this is what is putting MSN/ Windows Live Messenger firmly in the past, the market of instant messaging has changed since the glory days of just chatting to friends.
>> Download MSN Messenger 7.0.0820
Since the release there have been numerous requests by XP users who still want to keep MSN Messenger. Some people are very reluctant to use Windows Live Messenger for a variety if reasons. So what can you do to keep using MSN Messenger? Well there is a choice ...
First of all you could trick the Messenger protocol into keep using MSN Messenger, although there are no know tools for this yet you will probably see one crop up soon. The most common fixes are either changing the Messenger build number using resource hacker or selecting the compatibly mode when running the program (see screenshot).
Messenger MVP Sunshine had this to say on the issue:
If you are on WinXP and you don't like Windows Live Messenger you can also get the renewed MSN Messenger 7 version:
MSN Messenger 7.0.0820 for Windows 98, Windows 2000, Windows Millenium and Windows XP
The workaround posted here will probably stop working soon too, eventually you will not be able to sign in with 7.5 anymore (as long as you are using it you are also putting your comp at risk)! Users on Windows 98, Windows 2000, Windows Millenium will be forced to upgrade to 7.0.0820.
Detailed info: Microsoft Security Bulletin MS07-054, Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
MSN Messenger 7.0.0820 for Windows 98, Windows 2000, Windows Millenium and Windows XP
The workaround posted here will probably stop working soon too, eventually you will not be able to sign in with 7.5 anymore (as long as you are using it you are also putting your comp at risk)! Users on Windows 98, Windows 2000, Windows Millenium will be forced to upgrade to 7.0.0820.
Detailed info: Microsoft Security Bulletin MS07-054, Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
Users should be promoted of the security update, but forcing users to switch to what seems like a new program is suicide for Messenger. I think things like this is what is putting MSN/ Windows Live Messenger firmly in the past, the market of instant messaging has changed since the glory days of just chatting to friends.
>> Download MSN Messenger 7.0.0820
XP users forced to use Windows Live Messenger to prevent webcam exploit
on Tue 11 Sep 2007 (16:44 GMT)
on Tue 11 Sep 2007 (16:44 GMT)
In an update to the Messenger webcam security flaw, Microsoft have, on 'Patch Tuesday' implemented a security method to protect users from the exploit. Any Windows XP user using a Messenger client of version 8.0 or below will now be forced to update to Windows Live Messenger 8.1.
This still leaves other Windows users at risk, but this is just a temporary solution to the problem (I would hardly call this a huge security flaw anyway, it is hard to get any virus of this nature spreading). If anything I am more concerned about MSN Messenger users not wanting to use Windows Live Messenger as to some they are two different programs and a minority will want to keep using MSN Messenger.
If your wondering why this only applies to Windows XP users, it simply comes down to users of Windows 2000 and below are not compatible with newer versions of Messenger. I think we can expect some form of update for MSN Messenger 7.0 in the near furture.
This still leaves other Windows users at risk, but this is just a temporary solution to the problem (I would hardly call this a huge security flaw anyway, it is hard to get any virus of this nature spreading). If anything I am more concerned about MSN Messenger users not wanting to use Windows Live Messenger as to some they are two different programs and a minority will want to keep using MSN Messenger.
If your wondering why this only applies to Windows XP users, it simply comes down to users of Windows 2000 and below are not compatible with newer versions of Messenger. I think we can expect some form of update for MSN Messenger 7.0 in the near furture.
Yahoo! Messenger may of had another recent security scare relating to vulnerabilities in its webcam system last week, but things were soon patched up and users were protected. Now it seems MSN Messenger and Windows Live Messenger 8.0 also have a similar problem.
The problem is caused by a 'buffer overflow' and to be honest it is nothing to worry about if you know the people who you are accepting webcam invitations from. The problem with this situation is a fix is already present for Windows Live Messenger, but MSN Messenger is still open to the security flaw.
So what does this mean for MSN Messenger? Well MSN Messenger is still a popular program, Microsoft still support it and you have to remember Windows Live Messenger is just an updated and re-branded MSN Mesenger. Forcing users to update to Windows Live Messenger would not be a wise move.
Zdnet managed to get a quote from a Microsoft spokesperson on the issue:
This still shows Microsoft are still keen on MSN Messenger users and will support critical updates for the program. I expect a new build for MSN Messenger will be available within the near future.
The problem is caused by a 'buffer overflow' and to be honest it is nothing to worry about if you know the people who you are accepting webcam invitations from. The problem with this situation is a fix is already present for Windows Live Messenger, but MSN Messenger is still open to the security flaw.
So what does this mean for MSN Messenger? Well MSN Messenger is still a popular program, Microsoft still support it and you have to remember Windows Live Messenger is just an updated and re-branded MSN Mesenger. Forcing users to update to Windows Live Messenger would not be a wise move.
Zdnet managed to get a quote from a Microsoft spokesperson on the issue:
Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.
This still shows Microsoft are still keen on MSN Messenger users and will support critical updates for the program. I expect a new build for MSN Messenger will be available within the near future.
Last Saturday I posted about a Yahoo! Messenger vulnerability which targeted webcam users. Yahoo! have now released a security update fixing the exploit. Users are recommended to upgrade to the new 8.1.0.416 build.
>> Source: Yahoo! Messenger blog
Even if you installed Yahoo! Messenger as recently as August 20th, 2007 you may not have the very latest version.
You can check to see if you have the latest version by clicking the 'Help' menu option at the top right of your Yahoo! Messenger window, and then clicking 'About Yahoo! Messenger' or 'Check for Updates'.
If your Yahoo! Messenger version number is 8.1.0.416 (or higher) then you have the latest and do not need to take any immediate action. If you are running anything lower than 8.1.0.416 then please upgrade to the latest version.
You can check to see if you have the latest version by clicking the 'Help' menu option at the top right of your Yahoo! Messenger window, and then clicking 'About Yahoo! Messenger' or 'Check for Updates'.
If your Yahoo! Messenger version number is 8.1.0.416 (or higher) then you have the latest and do not need to take any immediate action. If you are running anything lower than 8.1.0.416 then please upgrade to the latest version.
>> Source: Yahoo! Messenger blog
The Yahoo! Messenger webcam feature has had security problems in the past resulting in a minor security update. This week a similar issue has been noted by McAfee warning Yahoo! Messenger users of a possible exploit:
Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.
>> View the post at avertlabs
It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.
We've been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
We've been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
- Don't accept webcam invites from untrusted sources until a patch for this is released.
- It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.
Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.
>> View the post at avertlabs