Tag - microsoft
Although it doesn't always seem like it, the Windows Live Messenger team like to take care of their customers. Getting someone in at the weekend to remove a stupid message block and now explaining what went wrong.
Dharmesh Mehta, a lead on the Windows Live Messenger product management team who's emerging as something of a regular poster at MessengerSays (the official Windows Live Messenger team blog), has given an apology and some details of why YouTube was blocked for several hours last weekend.
The main things that worry me about what is said here are:
- one, how much of our messages are this third party seeing - there are severe privacy issues surrounding this, do the company only get sent URLs that appear in messages or all of our messages? how much control does Microsoft have over this? and why if "manually checking the URL" happens did someone still think to block YouTube.com?;
- and two, why does it take an uproar like this to get a website "unblocked" - while other legitimate websites are still blocked.
>> Post at "Inside Windows Live Messenger" blog (aka MessengerSays)
>> Send the Messenger team feedback
Dharmesh Mehta, a lead on the Windows Live Messenger product management team who's emerging as something of a regular poster at MessengerSays (the official Windows Live Messenger team blog), has given an apology and some details of why YouTube was blocked for several hours last weekend.
As some of you noticed, we had a problem from Friday night to Saturday morning where our Messenger service was incorrectly blocking some legitimate IP addresses. We sincerely apologize for any difficulties this caused our users. And we want to thank those of you that reported this problem to us so that we could quickly fix it. Because of your help, the incorrect block was only in place for a few hours.
As you can imagine, we are very serious about our efforts to block virus, malware and other harmful URLs from being passed on to our users. And we're continually working to improve this process so that we can keep our users safe without having a negative impact on your Messenger service.
There have been some pretty outlandish speculations on what happened so I'd like to give you some facts about our process for trying to block unsafe URLs and about what happened Friday night:
As always, we're open to feedback on how to make Messenger an even greater service. And again, our apologies to the users that were impacted by this.
As you can imagine, we are very serious about our efforts to block virus, malware and other harmful URLs from being passed on to our users. And we're continually working to improve this process so that we can keep our users safe without having a negative impact on your Messenger service.
There have been some pretty outlandish speculations on what happened so I'd like to give you some facts about our process for trying to block unsafe URLs and about what happened Friday night:
- There are a number of factors that can be used to determine whether a URL is potentially harmful: number of times a URL is sent, the frequency of the URL being sent, the number of accounts the URL is sent from, manually checking the URL, comparing with other "block lists", etc.
- When a URL is deemed harmful, a block can be instated for a specific URL (i.e. www.domain.com/page) or an entire domain (i.e. *.domain.com)
- This entire process for Messenger is managed by a 3rd party that is a Microsoft partner
- On Friday, Microsoft did not request to block any of the URLs that were accidentally blocked
The blocks were made by our partner as a result of their process to block harmful URLs - We are still investigating the specific reason our partner made these incorrect blocks and we will work with them to improve their process for detecting harmful URLs while not blocking safe ones
As always, we're open to feedback on how to make Messenger an even greater service. And again, our apologies to the users that were impacted by this.
The main things that worry me about what is said here are:
- one, how much of our messages are this third party seeing - there are severe privacy issues surrounding this, do the company only get sent URLs that appear in messages or all of our messages? how much control does Microsoft have over this? and why if "manually checking the URL" happens did someone still think to block YouTube.com?;
- and two, why does it take an uproar like this to get a website "unblocked" - while other legitimate websites are still blocked.
>> Post at "Inside Windows Live Messenger" blog (aka MessengerSays)
>> Send the Messenger team feedback
Censoring messages is nothing new for Windows Live Messenger. It was introduced as a security measure and blocked websites leading to various viruses that were spreading across the network. This was of course a good idea, in the years that notorious viruses plagued users these measures were necessary and the system appeared to have worked.
However, implemention of the system was criticized as it slowed down conversations due to its sloppy programming. Using phrases like '.pif' would end group conservations, paving the way for hijacking multi-conservations your friends were trying to have.
However it was when Microsoft blocked all .info domains being sent over the network that the system came under heavy scrutiny. Then the andyman discovered the list of blocked strings and websites within Messenger, including services that were found clean and virus free. In recent weeks links were blocked to the hit web messenger eBuddy.
Now Fanatic Live have discovered links to YouTube have now been blocked. The reason? We're not sure, but the website has nothing to do with viruses or any other security issues.
With all the talk of net neutrality and criticisms over countries blocking access to the website this is going to portray Microsoft in a bad light. Moreover as YouTube is owned by Google one could question weather Microsoft is trying to create direct competition with their new video service Soapbox. Microsoft have just received a $1.4bn fine for their anti-competitive behavior.
The worrying thing, however, is that this is probably not the end ...
However, implemention of the system was criticized as it slowed down conversations due to its sloppy programming. Using phrases like '.pif' would end group conservations, paving the way for hijacking multi-conservations your friends were trying to have.
However it was when Microsoft blocked all .info domains being sent over the network that the system came under heavy scrutiny. Then the andyman discovered the list of blocked strings and websites within Messenger, including services that were found clean and virus free. In recent weeks links were blocked to the hit web messenger eBuddy.
Now Fanatic Live have discovered links to YouTube have now been blocked. The reason? We're not sure, but the website has nothing to do with viruses or any other security issues.
With all the talk of net neutrality and criticisms over countries blocking access to the website this is going to portray Microsoft in a bad light. Moreover as YouTube is owned by Google one could question weather Microsoft is trying to create direct competition with their new video service Soapbox. Microsoft have just received a $1.4bn fine for their anti-competitive behavior.
The worrying thing, however, is that this is probably not the end ...
I just read a very interesting post at BigBlueBall, who have discovered that Microsoft have patented instant messaging on your television. Jeff posted:
I myself wouldn't use the feature; I don't see how it can be successfully implemented worldwide and be made convenient. Let's just wait and see though.
>> Source: BigBlueBall - Microsoft patents instant messaging on your TV
>> View the patent application
Now Microsoft plans to extend that with a patent that proposes integrating instant messaging and television to create a social experience. Of course, the instant messaging system would connect you to your friends, but it could also track what shows you watch and share your interests with them. People could also use the system to remotely view or control their media devices, instructing their DVR to record a TV show from work, for example.
I myself wouldn't use the feature; I don't see how it can be successfully implemented worldwide and be made convenient. Let's just wait and see though.
>> Source: BigBlueBall - Microsoft patents instant messaging on your TV
>> View the patent application
After the recent news that Microsoft is now censoring users of its instant messaging software from receiving messages containing .info, as well as things like .pif which they were already blocking, I decided to do some research to find out what else they think could pose a security risk to you and your computer and censor.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
The list of blocked strings is stored on the Messenger servers so that it can be quickly downloaded to instantly update your Messenger with any new entries without you having to download a whole new version. After playing around a bit with the Messenger protocol (aka MSNP) I managed to retrieve the list from the servers.
Unless there was a problem downloading the list, which there didn't appear to, the Messenger team have started removing the end of lots of strings - presumably to try and stop even more bad site links getting sent. For example .p used to be .pif and .s used to be .scr and on several other strings .ph used to be .php, .e used to be .exe and .c used to be .com.
Because the list currently contains 124 entries I've made an image containing them all. This also means that you cannot easily copy the text to try and visit any of the URLs in the list which would potentially end in your computer being infected with some kind of virus, adware, spyware or worm, or expose you to phishing scams.
>> View the image of the list of censored strings
>> If you want to find out more about how these entries are used or why the .* in some strings actually slows your computer down then there is a discussion expanding upon these ideas started by TheBlasphemer, the creator of StuffPlug, over at the StuffPlug forums.
The Messenger team have gone crazy with security now. They have entered a huge paranoid state which requires sloppy programming to prevent viruses spreading across the Messenger network. They have blocked all URLs containing the popular .info domain.
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be
This is their response to the vast amount of viruses spreading using URLs containing '.info'. However, instead of blocking domains by a case by case basis, Microsoft has blocked millions of useful webpages by suggesting that all .info domains are dangerous! This is a typical example of sloppy, rushed programming.
I find this surprising after an article got some attention about Microsoft already censoring messages containing .pif, download.php or staff.php, but this is really pushing it. I wonder whose decision it was to block all .info domains being sent over Messenger?
This paranoid attitude to scanning messages on both the client and server side is also causing Messenger to act slow and even freeze up! There must be some real poor programmers developing Messenger and I have no idea why Microsoft has done nothing about this.
>> Source: mess.be