I just finished “Ping! The Yahoo! Messenger Guide to All Things IM.” It was a fairly good read but, as expected, not at all technical. It is geared toward a 14-year-old girl who is just getting into messaging. It is 95 pages with some really nice graphics. It took me about an hour and a half to read everything, so this is not heavy reading at all. Not for the technical reader, but you never know where you will pick up a small gem of knowledge. http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?z=y&isbn=1402728174&itm=1
May 28, 2006
May 25, 2006
Stealth settings bug?
I have been having problems with my stealth setting for about a week now. Apparently, when I have all users set to invisible it works fine. Also, when I go available everything appears to work fine. The problem is that when I set a custom message, all of a sudden the users that I have individually set to offline can see me. I have not been able to reproduce the results myself, but it is starting to become a problem as people that I would rather not talk to IM me now. Anyone else run into this? Is this another bug?
May 20, 2006
Finally a free Yahoo! password cracker
I was quickly flipping through the latest issue of 2600 (http://www.2600.com/) when I came upon a very interesting article entitled “iPod Sneakiness.” It basically explained how one could trick a computer user into coughing up some valuable information just by attaching their iPod to that computer. We have all seen the autorun message when you plug a USB storage device into your computer. The author simply wrote his own autorun program that captures passwords and other goodies on the victim’s machine.
What really got me going was one of the programs he used once in the user’s machine. He used MessenPass (http://www.nirsoft.net/utils/mspass.html), published by NirSoft. I researched the utility and, lo and behold, it worked great. The best part: it’s free! I have been looking for this for quite some time; guess I never turned over the right rock. If you need a utility to crack Yahoo! passwords then this is a must-have.
P.S. I am still looking for the source code that shows me how this is done. More information can be found on the Help Wanted page.
May 7, 2006
Thanks for the free information on your copyrights page
It is interesting how sometimes the most useful information is found right under your nose. This was the case when I innocently followed a link in the Yahoo! Messenger About dialog box to the Messenger copyright notices page (http://messenger.yahoo.com/copyright.php). Now you might be wondering how this hard-to-read bunch of mumbo jumbo can be of any use at all. The devil is in the details, and I soon found this to be a treasure trove of information.
It is well known that all the Messenger source code is locked up tight at Yahoo! Headquarters. But there is a legal loophole that may shed some light on what is under the programming hood of Messenger. Under most public copyright agreements, it is perfectly fine to use another’s code as long as the original author is given credit. This usually takes the form of a comment in the code if the source code is distributed, or a copyright notice if the code is not available. In the case of Messenger, the code is not distributed and Yahoo! therefore has to credit all the public code that it uses. Long story short, the copyright page gives us information as to some of the code in Messenger. It also gives us an idea as to some possible security vulnerabilities. If a vulnerability is found in some third-party code and Yahoo! has used that code, Yahoo! Messenger is also most likely susceptible to that vulnerability. We should all keep an eye out for vulnerabilities in the code used in Messenger.
Here are a few interesting tidbits that I found.
“Socks Firewall Library © 1996-1998 Distinct Corporation http://www.distinct.com”. Distinct apparently makes software for proxies, among other things. This is noticeable when you open Messenger Preferences > Connections and see proxy settings. Distinct even had this to say on their homepage: “Yahoo! Inc., a leading Internet media company, has licensed Distinct’s reusable components to socks-enable the latest version of Yahoo! Pager! a messaging program that allows users to communicate instantly with friends, family, colleagues, and others over the Internet. “Some of our users were behind corporate firewalls at their workplaces and wanted to but were unable to use Yahoo! Pager,” said Brian Park, producer of Yahoo! Pager, Yahoo! Inc. “Together with Distinct, we were able to offer our users an ideal solution enabling them to connect to Yahoo! Pager, and to do so both quickly and reliably”.”
“This software is based in part on the work of the Independent JPEG Group.” I have seen this in just about every piece of software that uses JPGs. It is fairly standard.
“Portions of this software are © 1996-2005 RADVISION Ltd.” Radvision (http://www.radvision.com/) is a company that specializes in video conferencing, video telephony, and the development of converged voice, video and data over IP and 3G networks. Apparently Yahoo! contracted Radvision to work on their voice over IP solution, aka Make Calls From Your PC.
“OSSP uuid – Universally Unique Identifier” (http://www.ossp.org/pkg/lib/uuid/). Uuid is an open source project that produces, you guessed it, UUIDs. I’m not really sure where this could be used. Perhaps the MD5 hash seed, or making UUIDs for Messenger DLLs? If anyone has a clue, let me know.
“Copyright (c) 1998-2003 The OpenSSL Project” (http://www.openssl.org). This one could also be anything from producing a secure connection when you check your mail to who knows what else. Let me know of some good ideas.
“The Vovida Software License, Version 1.0” (http://www.vovida.org/). This looks to be another open source project focusing on VoIP.
This is all the information I could glean from the site in under two hours. If you know of any other related software, please let me know.
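To make the idea concrete from the maintenance side, here is an added example (not code from Yahoo! or from this post's author) that turns the attribution lines quoted above into a small component inventory for advisory tracking. The component labels, the keyword map and the two-year review threshold are assumptions of the example, and a copyright year in a notice is only a rough hint of how old the bundled copy is.

```python
import re

# Attribution lines as quoted in the post above.
NOTICES = [
    "Socks Firewall Library © 1996-1998 Distinct Corporation http://www.distinct.com",
    "This software is based in part on the work of the Independent JPEG Group.",
    "Portions of this software are © 1996-2005 RADVISION Ltd.",
    "OSSP uuid – Universally Unique Identifier",
    "Copyright (c) 1998-2003 The OpenSSL Project",
    "The Vovida Software License, Version 1.0",
]

# Constructed keyword -> label map (an assumption of this example).
KNOWN = {
    "socks": "Distinct SOCKS library",
    "jpeg group": "IJG libjpeg",
    "radvision": "RADVISION VoIP stack",
    "ossp uuid": "OSSP uuid",
    "openssl": "OpenSSL",
    "vovida": "Vovida VoIP stack",
}

# Matches "© 1996-1998", "(c) 1998-2003" or a single year after the mark.
YEARS = re.compile(r"(?:©|\(c\))\s*(\d{4})(?:\s*[-–]\s*(\d{4}))?", re.IGNORECASE)


def parse_notice(line):
    """Return (component label or None, last copyright year or None)."""
    low = line.lower()
    component = next((name for key, name in KNOWN.items() if key in low), None)
    m = YEARS.search(line)
    last_year = int(m.group(2) or m.group(1)) if m else None
    return component, last_year


def build_inventory(notices, as_of_year, stale_after=2):
    """One row per notice; flag components whose notice year is old."""
    rows = []
    for line in notices:
        component, last_year = parse_notice(line)
        if component is None:
            component = "UNRECOGNISED: " + line[:40]
        stale = last_year is not None and as_of_year - last_year > stale_after
        rows.append({"component": component, "last_year": last_year,
                     "review_first": stale})
    return rows


if __name__ == "__main__":
    for row in build_inventory(NOTICES, as_of_year=2006):
        print(row)
```

Lines with no year (the JPEG, uuid and Vovida notices) are kept in the inventory with `last_year` set to `None` rather than dropped, since an undated component still needs tracking.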
New Messenger Port?
I haven’t really given the YMSG protocol a serious look in over a year. This changed when I had a patron ask for some source code. Not wanting to give the old code from protocol version 12, I decided to rebuild the program (this was also the very first large program, more than 30 lines, that I had ever written, so it was a little rough around the edges). I fired up good ole’ trusty Ethereal and found something quite odd. Messenger was now communicating on port 119 and not 5050. This of course completely screwed with Ethereal, as 119 is the default NNTP port. To make things a bit more confusing, I ran another capture on a separate machine and it used 5050. I still have to do some more research, but this has created quite the mystery for me. Did Messenger switch to 119 for firewall reasons? Does the Messenger version make a difference? If anyone knows, let me know. BTW, I even opened a question on the Ethereal Users List over this one (http://www.ethereal.com/lists/ethereal-users/200605/msg00039.html).
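The mis-decode described above is what happens when a protocol is picked by port number alone. The following added example (not the author's code, and not Ethereal's) identifies a TCP payload by its content first and reports when that disagrees with the port. It assumes the commonly documented 20-byte YMSG header layout used by open-source clients and dissectors, which the post itself does not give, and the sample packet values are constructed.

```python
import re
import struct

# Commonly documented 20-byte YMSG header (assumption; not given in the post):
# magic "YMSG", version, vendor id, body length, service, status, session id.
YMSG_HDR = struct.Struct(">4sHHHHII")
# NNTP server replies are ASCII lines starting with a three-digit status code.
NNTP_REPLY = re.compile(rb"[1-5]\d\d(?: [^\r\n]*)?\r\n")
PORT_HINT = {119: "NNTP", 5050: "YMSG"}  # what a port-based dissector assumes


def classify(payload: bytes, port: int) -> dict:
    """Identify a TCP payload by content first; the port is only a hint."""
    hint = PORT_HINT.get(port, "unknown")
    if len(payload) >= YMSG_HDR.size and payload.startswith(b"YMSG"):
        _, version, _, body_len, service, _, session = YMSG_HDR.unpack_from(payload)
        proto = "YMSG"
        detail = {
            "version": version,
            "service": service,
            "session": session,
            # False means the body continues in a later TCP segment.
            "complete": len(payload) >= YMSG_HDR.size + body_len,
        }
    elif NNTP_REPLY.match(payload):
        proto, detail = "NNTP", {"status": int(payload[:3])}
    else:
        proto, detail = "unknown", {}
    return {"proto": proto, "port_hint": hint, "mismatch": proto != hint, **detail}


def build_ymsg(version: int, service: int, body: bytes, session: int = 0) -> bytes:
    """Construct a sample packet for the demo (all values are made up)."""
    return YMSG_HDR.pack(b"YMSG", version, 0, len(body), service, 0, session) + body


if __name__ == "__main__":
    body = b"1\xc0\x80example_user\xc0\x80"      # constructed key/value body
    pkt = build_ymsg(version=12, service=1, body=body)
    print(classify(pkt, 119))        # YMSG content on the NNTP port
    print(classify(pkt[:24], 119))   # header present, body truncated
    print(classify(b"200 news.example ready\r\n", 119))  # genuine NNTP greeting
    print(classify(pkt, 5050))       # content and port agree
```

A `mismatch` of `True` on port 119 is the condition in the capture described above: the bytes are YMSG even though the port suggests NNTP.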



