Just a quicky ... nice hole in MSN for you:-

http://tom.me.uk/msn/demo.html

time to uninstall ?

alternatives:-

http://messenger.yahoo.com/
http://www.icq.com/

hmmm i bet there is same sort of thing with everything you use tho

AIM and ICQ both recently were found to have holes in them as well.

the MSN bug is actually an IE hole

yep

they are all bad

i have friends who keep seperate machines
which they hook into dial ups on their phone lines
because they work from home
and cant risk the networks

ah well thats why i am glad i have a mac :p:

mine says

1) Log into MSN

OR reset IE settings to default

did both still couldnt get in? but i did install about 12MB of Security Updates Friday

What does this message mean then?

Sorry, this example is IE4+ only.
Non-IE browsers do not have this vulnerabilty.
[OK]

Oh. I'm sorry, I must be using Netscape. :)
Also add in the simple procedure I followed to remove Windows Messenger from my WinXP installation and I am starting to feel like gloating a bit.

(Gloat) (Gloat) (Gloat)

Thats enough gloating. As Jazza2 said, most of the popular IM clients have some sort of vulnerability in them.
If you use MSN, Yahoo, AIM or ICQ or even all of them, then maybe consider using Trillian [ http://www.ceruleanstudios.com/index.html ].
It isn't a perfect solution as I believe it has some security issues itself.

Oh well.

Click the MSN button below and IE will load another window containing the MSN Messenger ActiveX objects, but in the My Computer security zone. I then have full access to your contact list - including sending messages without you knowing. Sending files is also possible.

I know I'll just not click on that button! :p:
And if he can get any messenger service to send a file from my home PC then good luck to him since Homechoice has a server side firewall which prevents the outgoing file transfer from working on MSN, YAHOO! and ICQ.

And there was a document.open security fix about a week ago.

Originally posted by Dwarf_Pr0n
And there was a document.open security fix about a week ago.

Got a patched one here - it still does it :p:

btw, its hard to point out to those who dont use it, what a PITA this is. If you've ever tried explaining to ALL of your contacts why they really need to change, then you'll see what i mean.

It's another "poor design" floor by MS this one. I think it's about time they thought about the design issues and integration issues rather than "we fixed 9 million buffer overflows" etc etc.

btw Office XP rocks ... was using it exensively for the first time last night. Previously I was a LaTeX + Word 2000 whore ;)

I'd rather them deal with buffer over flows than security fixes.
I prefer my PC to work generally. If I had anything of interest on my PC then I might be more bothered about security but since it's basically a PC for playing games I don't really care is someone sends messages from my MSN or ICQ.

The recipients might.

btw, design floors are likely to be much more dangerous and easier to exploit. For example, the SQL server "shell" exploit which allowed shell commands to be run as Administrator from any SQL query bypassing ACLs. Crashing the server process (which would normally recover anyway) via a buffer overflow is potentially less destructive than executing what the attacker likes on your server.

You'll learn one day. Sounds like it might be the hard way.

Yeah. In 5 years I haven't been hacked and only got a virus once from my mates PC when we networked them. What did I do?!?
Format the hard drive, big problem, oh wait it wasn't.
It's people that put these warnings up that fuels peoples paranoid views about PC's and gives the hackers something to laugh about.
If you want to be safe keep offline and don't switch your PC on. Otherwise just take your own measures to prevent it and let other people do it their own way and use what they want.

*Ramble over*

And Codered (which affects a crap load of desktop machines too - thanks to poor OEM installs) isn't enough of a warning? For example, Sony laptop win2k OEM install on F707s has IIS installed. Plug into ISP, CodeRed ownage instantly (it takes about 10 mins before the scans start normally). CodeRed II is more destructive too.

YOU wont get hacked but that MSN Messenger vulnerability is major worm-sign (excuse the Dune quote) if someone works out how to do somthing funky with it.

Oh and the outlook worms.

Oh and word viruses (which have caused lots of crap in the past).

Oh and IE clipboard stealing.

the list is endless...

Just because you are so secure in mind, doesnt mean you wont get ass raped by something. And one day you'll lose work, a project or something... then you'll be pissed.

I have, i learned ;)

People! Please get some English skillz... its 'design flaw' not 'design floor'.

good point....

not enough red bull for me this morning ;)

this forum makes usenet look nice:-

- 1 person to flame
- 5 spams
- 2 clueless people
- 1 pedantic spelling person
- 1 person flaming the pedantic spelling person
- 84 pointless posts
- 1 partridge in pear tree...

An up to date virus checker is my saviour.
If that doesn't stop/get rid of viruses then a format it is.
I don't have any important work on my PC that isn't backed up on CD's.

Now all you need is a virused backup :)

Yep and then I'm sorted :D

heh I actually know someone who did that with a Word Macro virus. It was "amusing" to say the least ;)

Just to add ... theres a worm *already*!

http://www.theregister.co.uk/content/4/24059.html

ohh a new one diddent know there were 2 urls =) i found the same thing when someone told me the url on wedsday on irc, yes thats right i went to it and was infultraded from behind and the worm started spamming ppl on my msn list but because im 1337 i was not overcome for long :D