Re: Anyone? Important Security Update for the .NET Messenger Service

[Stephen Clowater <steve () stevesworld hopto org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've recive this email. I'm still in the proccess of seeing if it actually 
came from .net services, 

But it wouldnt surprise me, there are a few known holes in the MSN login path 
that allows someone to take control over another's MSN account. Or even just 
spoof the victims account. Ethier way, Its probably some retarded buffer 
overflow in the msn client.  Kinda like the cute buffer overflow in msn 6 :)


On August 19, 2003 03:02 pm, Koen Van Impe wrote:
> Hi List,
>
> Has anyone seen this recent so called 'update' for MSN Messenger? This
> (full-email follows below) was in my mailbox today but as far as I know
> there is no critical update needed for MSN Messenger. Any clues as where
> to look for?
>
> I'm under the impression that this is more like a 'install this so that
> we can tell what you're doing' security update than in fact a real
> security update.
>
> Off course, as always, e-mail headers from Microsoft-mail to Hotmail are
> very little informative. This was in the headers :
>
> <header>
> From: ".NET Messenger Service Staff" <dot_net_msgr_svc () msgr hotmail com>
> Subject: Important Security Update for the .NET Messenger Service
> Date: Mon 18, Aug 2003
> Mime-Version: 1.0
> Content-Type: text/html; Charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> </header>
>
>
> <mail>
> ATTENTION: IMMEDIATE ACTION REQUIRED FOR MSN AND WINDOWS MESSENGER
> USERS.
>
> You are receiving this e-mail because you are a MSN Messenger or Windows
> Messenger Service user.
>
> As part of Microsoft's Trustworthy Computing initiative, Microsoft is
> updating the .NET Messenger Service and providing you with an important
> MSN Messenger or Windows Messenger security update.
>
> If you are using MSN Messenger 5.0, Windows Messenger 4.7.2000, or MSN
> Messenger for Mac 3.5, or any versions higher than these, you do NOT need
> this security update. To find out which version you have, select the
> 'Help' menu in Messenger, then select 'About'. If you are using an older
> version, or are not sure, please visit:
> http://messenger.msn.com/Help/Upgrades.aspx
> for an update.
>
> NOTICE: If you are not using an updated version, you will be unable to
> continue using your MSN Messenger or Windows Messenger Service.
>
> Thank you for helping Microsoft further its commitment to helping you
> protect your privacy and security online.
>
> You can view the .NET Messenger Statement of Privacy at:
> http://messenger.msn.com/Help/Privacy.aspx
> and the .NET Messenger Service Terms of Use and Notices at:
> http://messenger.msn.com/Help/Terms.aspx.
> </mail>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

- -- 
- -

******************************************************************************
Stephen Clowater

All heiresses are beautiful.
                -- John Dryden

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 
                                                      /dev/null:/dev/random);
#endif

#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif

#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif

return Meaning_of_your_life;

}

*****************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Qm7fcyHa6bMWAzYRAnKbAKCZq6WdIh6tviLfnGI8ApeWGAvbLACdFlQb
80JARYmuT4rByE7VZUzbAIM=
=1vMK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html