Re: MSN Messenger Users Be Sure To Read This

  • From: "John Miller" <n1umj@xxxxxxxxxxx>
  • To: <jfw@xxxxxxxxxxxxx>
  • Date: Sun, 13 Feb 2005 23:15:43 -0500

I did, as of a month ago, no luck. I'll try again when I have free time.
----- Original Message ----- 
From: "jim grimsby" <jimgrims@xxxxxxxxxxx>
To: <jfw@xxxxxxxxxxxxx>
Sent: Sunday, February 13, 2005 8:46 PM
Subject: RE: MSN Messenger Users Be Sure To Read This


> Yes it does, and it has been working for quite some time. Install the
> plug-in that ships with the scripts and it will work; that is why I have
> provided it.
>
>
> -----Original Message-----
> From: jfw-bounce@xxxxxxxxxxxxx [mailto:jfw-bounce@xxxxxxxxxxxxx] On Behalf Of John Miller
> Sent: Sunday, February 13, 2005 6:01 AM
> To: jfw@xxxxxxxxxxxxx
> Subject: Re: MSN Messenger Users Be Sure To Read This
>
>
> I'd use that too but it doesn't work with Yahoo Messenger unless they fixed
> it but it sure wasn't working a month ago.
> ----- Original Message -----
> From: "jim grimsby" <jimgrims@xxxxxxxxxxx>
> To: <jfw@xxxxxxxxxxxxx>
> Sent: Sunday, February 13, 2005 3:46 AM
> Subject: RE: MSN Messenger Users Be Sure To Read This
>
>
>> Hi, I use Miranda, it works with everything I need and does not bug me
>> about updates lol.
>>
>> -----Original Message-----
>> From: jfw-bounce@xxxxxxxxxxxxx [mailto:jfw-bounce@xxxxxxxxxxxxx] On Behalf Of John Miller
>> Sent: Saturday, February 12, 2005 4:04 PM
>> To: jfw@xxxxxxxxxxxxx
>> Subject: Re: MSN Messenger Users Be Sure To Read This
>>
>>
>> That's why I use Windows Messenger, that way I don't get the updates all
>> the time and all. I don't miss MSN Messenger at all.
>> ----- Original Message -----
>> From: "Rose Combs" <rosecombs@xxxxxxxxx>
>> To: <jfw@xxxxxxxxxxxxx>
>> Sent: Saturday, February 12, 2005 6:01 PM
>> Subject: RE: MSN Messenger Users Be Sure To Read This
>>
>>
>>> Well, I turned on my computer at nine this morning and it was OK,
>>> needed to perform a reboot at two this afternoon trying to fix another
>>> problem and was getting MSN messenger messages all in my face when I
>>> was trying to do something different, then when I went to check my
>>> local weather, my home page was changed and more than anything that
>>> annoys me, tell me to update, do it automatically, bug me if you must
>>> but don't switch my home page to MSN every time I do an update.
>>>
>>> I never really use the service, installed it a few weeks ago when my
>>> husband did his for a class he was taking, have no real contacts to
>>> speak of and don't have a clue how to get them, providing I have time.
>>>
>>>
>>>
>>> Rose Combs
>>> rosecombs@xxxxxxxxx
>>> rmcombs@xxxxxxxxxxx
>>> -----Original Message-----
>>> From: jfw-bounce@xxxxxxxxxxxxx [mailto:jfw-bounce@xxxxxxxxxxxxx] On Behalf Of Jack Lowe
>>> Sent: Saturday, February 12, 2005 6:08 AM
>>> To: jfw@xxxxxxxxxxxxx
>>> Subject: Re: MSN Messenger Users Be Sure To Read This
>>>
>>>
>>> Thanks David, this was interesting. What's even more interesting is
>>> that I've not had to upgrade anything with MSN. It's Saturday morning,
>>> and I've been able to log in to MSN without being asked to upgrade to
>>> another version. So, where's this alleged MSN upgrade that we all
>>> supposedly must do before we can log on?   Jack
>>> ----- Original Message -----
>>> From: "david the wild-thing" <d.h.whitehead@xxxxxxxxxxxx>
>>> To: "jfw-list" <jfw@xxxxxxxxxxxxx>
>>> Sent: Saturday, February 12, 2005 7:51 AM
>>> Subject: MSN Messenger Users Be Sure To Read This
>>>
>>>
>>>> Hi, I know this is off topic, however, I think some people may find
>>>> this interesting.
>>>>
>>>>
>>>>>>> If you've been having problems logging on to MSN Messenger, be sure
>>>>>>> to read this article. Ryan Naraine - eWEEK
>>>>>>>
>>>>>>> Microsoft Corp. on Friday lashed out at two security research firms
>>>>>>> for publishing proof-of-concept exploit code for MSN Messenger hours
>>>>>>> after Microsoft for the product.
>>>>>>>
>>>>>>> In one instance, the software giant said malicious hackers have
>>>>>>> modified the proof-of-concept code into an exploit that puts millions
>>>>>>> of users at risk of code execution attacks that require no user
>>>>>>> interaction.
>>>>>>>
>>>>>>> Moving swiftly to blunt an attack, Microsoft has decided to push out
>>>>>>> patched versions of MSN Messenger as a mandatory update. As of
>>>>>>> Thursday evening, users of the popular instant messaging client must
>>>>>>> update to MSN Messenger version 6.2.0205 or the MSN Messenger 7.0
>>>>>>> beta before they are allowed to log on.
>>>>>>>
>>>>>>> "When the vulnerability was announced this week we initially
>>>>>>> introduced an optional upgrade and had plans to make the upgrade
>>>>>>> mandatory," a Microsoft spokesperson said. "But when we learned that
>>>>>>> detailed exploit code had been published on the Internet we felt the
>>>>>>> need to take decisive action."
>>>>>>>
>>>>>>> According to the exploit code seen by eWEEK.com, an attacker need
>>>>>>> only load a malicious PNG (Portable Network Graphics) file as a buddy
>>>>>>> icon to launch an attack against every MSN Messenger user on a buddy
>>>>>>> list.
>>>>>>>
>>>>>>> Core Security Technologies, the research company that found and
>>>>>>> reported the flaw, confirmed that the published exploit code could be
>>>>>>> used to launch blind attacks.
>>>>>>>
>>>>>>> "The target doesn't even have to communicate with the attacker. Once
>>>>>>> the attacker has the target's MSN Messenger contact on his contact
>>>>>>> list, he can launch an attack without the target even knowing," said
>>>>>>> Max Caceres, director of product management at Core Security.
>>>>>>>
>>>>>>> Even worse, Caceres told eWEEK.com that the attacker could take
>>>>>>> control of the infected machine and change the target's display to
>>>>>>> replicate the attack against everyone on that buddy list.
>>>>>>>
>>>>>>> "This could lead to a massive, widespread attack unless all MSN
>>>>>>> Messenger users apply the upgrades," he said.
>>>>>>>
>>>>>>> Microsoft late Thursday released a to warn customers of the risk.
>>>>>>> The company also provided in a separate notice for both consumer and
>>>>>>> enterprise MSN Messenger users.
>>>>>>>
>>>>>>> Microsoft pinned the blame for the exploit code squarely on the
>>>>>>> shoulders of Core Security, alleging that the public exploit is based
>>>>>>> on proof-of-concept code released by the Mass.-based information
>>>>>>> security firm.
>>>>>>>
>>>>>>> "[Core Security] published proof-of-concept code on the Internet the
>>>>>>> same day Microsoft issued Security Bulletin MS05-009 to resolve the
>>>>>>> issue. Since then, a separate individual has modified the posted code
>>>>>>> into exploit code," Microsoft said in a strongly worded statement.
>>>>>>>
>>>>>>> "[T]he publishing of proof-of-concept code within hours of the
>>>>>>> security updates being made available has put customers at increased
>>>>>>> risk."
>>>>>>>
>>>>>>> Caceres dismissed the Microsoft accusation and pointed out that
>>>>>>> engineers at Core Security worked closely with Microsoft since
>>>>>>> reporting the vulnerability in August 2003.
>>>>>>>
>>>>>>> "We worked with Microsoft for six months to develop this patch. We
>>>>>>> waited until they released the fix before we published our advisory,"
>>>>>>> Caceres said, arguing that it is common procedure to provide
>>>>>>> proof-of-concept code to let businesses determine whether their
>>>>>>> systems are secure.
>>>>>>>
>>>>>>> Core Security's contained a ZIP-compressed image of a malformed PNG
>>>>>>> file that was intended to allow MSN Messenger users to check to see
>>>>>>> if they were vulnerable.
>>>>>>>
>>>>>>> "We're in the business of getting people to understand how secure
>>>>>>> their systems are and to help them test to see if they are
>>>>>>> vulnerable. Our proof-of-concept is used for those tests. It is not
>>>>>>> to be used by an attacker to arbitrarily control a target," Caceres
>>>>>>> said.
>>>>>>>
>>>>>>> But Microsoft isn't buying that explanation. "A common practice among
>>>>>>> responsible researchers is to wait a reasonable period of time before
>>>>>>> publishing such code. Microsoft is disappointed computer users were
>>>>>>> not given a reasonable opportunity to safeguard their computing
>>>>>>> environments."
>>>>>>>
>>>>>>> As part of the new plan to make the upgrade mandatory, all MSN
>>>>>>> Messenger users who attempt to log into the system with a vulnerable
>>>>>>> version of the client will be told they need to upgrade in the coming
>>>>>>> days or they will no longer be able to use the service with that
>>>>>>> vulnerable client.
>>>>>>>
>>>>>>> MSN Messenger users running vulnerable clients will receive "toast"
>>>>>>> warnings about the vulnerability and directed to a They will not be
>>>>>>> able to log into the Messenger service until they accept that
>>>>>>> upgrade. MSN also plans to communicate with users via security update
>>>>>>> via links on MSN properties and Web sites.
>>>>>>>
>>>>>>> How to Protect Against an Exploit: MSN Messenger users should make
>>>>>>> sure their Windows and MSN Messenger software is current with the
>>>>>>> released on Feb. 8. The latest versions of MSN Messenger can be
>>>>>>> Alternatively, users can install an evaluation copy (beta release) of
>>>>>>> the new MSN Messenger 7.0, which is not targeted by the exploit code.
>>>>>>>
>>>>>>> Enterprise businesses should consider removing and blocking MSN
>>>>>>> Messenger from their environments. If this is not feasible, they
>>>>>>> should make sure every installed version of Windows and MSN Messenger
>>>>>>> is current with the latest security updates.
>>>>>>>
>>>>>>> MSN Messenger is not intended for corporate environments and
>>>>>>> Microsoft recommends uninstalling the client from a business network.
>>>>>>> Corporate clients should switch to Windows Messenger, which is
>>>>>>> included with Windows. Corporate users should also consider This can
>>>>>>> be done by blocking outbound access to TCP port 1863 and blocking
>>>>>>> HTTP access to messenger.hotmail.com.
>>>>
>>>>
>>>> --
>>>> To post a message to the list, send it to jfw@xxxxxxxxxxxxx
>>>> To unsubscribe from this mailing list, send a message to
>>>> jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
>>>> Archives located at: //www.freelists.org/archives/jfw
>>>>
>>>> If you have any concerns about the list, post received from the list, or
>>>> the way the list is being run, do not post them to the list. Rather
>>>> contact the list owner at jfw-admins@xxxxxxxxxxxxxx