Full Disclosure mailing list archives
Re: Anyone? Important Security Update for the .NET Messenger Service
From: Stephen Clowater <steve () stevesworld hopto org>
Date: Tue, 19 Aug 2003 15:39:27 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recive this email. I'm still in the proccess of seeing if it actually came from .net services, But it wouldnt surprise me, there are a few known holes in the MSN login path that allows someone to take control over another's MSN account. Or even just spoof the victims account. Ethier way, Its probably some retarded buffer overflow in the msn client. Kinda like the cute buffer overflow in msn 6 :) On August 19, 2003 03:02 pm, Koen Van Impe wrote:
Hi List, Has anyone seen this recent so called 'update' for MSN Messenger? This (full-email follows below) was in my mailbox today but as far as I know there is no critical update needed for MSN Messenger. Any clues as where to look for? I'm under the impression that this is more like a 'install this so that we can tell what you're doing' security update than in fact a real security update. Off course, as always, e-mail headers from Microsoft-mail to Hotmail are very little informative. This was in the headers : <header> From: ".NET Messenger Service Staff" <dot_net_msgr_svc () msgr hotmail com> Subject: Important Security Update for the .NET Messenger Service Date: Mon 18, Aug 2003 Mime-Version: 1.0 Content-Type: text/html; Charset=iso-8859-1 Content-Transfer-Encoding: 8bit </header> <mail> ATTENTION: IMMEDIATE ACTION REQUIRED FOR MSN AND WINDOWS MESSENGER USERS. You are receiving this e-mail because you are a MSN Messenger or Windows Messenger Service user. As part of Microsoft's Trustworthy Computing initiative, Microsoft is updating the .NET Messenger Service and providing you with an important MSN Messenger or Windows Messenger security update. If you are using MSN Messenger 5.0, Windows Messenger 4.7.2000, or MSN Messenger for Mac 3.5, or any versions higher than these, you do NOT need this security update. To find out which version you have, select the 'Help' menu in Messenger, then select 'About'. If you are using an older version, or are not sure, please visit: http://messenger.msn.com/Help/Upgrades.aspx for an update. NOTICE: If you are not using an updated version, you will be unable to continue using your MSN Messenger or Windows Messenger Service. Thank you for helping Microsoft further its commitment to helping you protect your privacy and security online. You can view the .NET Messenger Statement of Privacy at: http://messenger.msn.com/Help/Privacy.aspx and the .NET Messenger Service Terms of Use and Notices at: http://messenger.msn.com/Help/Terms.aspx. </mail> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- -- - - ****************************************************************************** Stephen Clowater All heiresses are beautiful. -- John Dryden The 3 case C++ function to determine the meaning of life: char *meaingOfLife(){ #ifdef _REALITY_ char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? /dev/null:/dev/random); #endif #ifdef _POLITICALY_CORRECT_ char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom"); #endif #ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_ cout << "Sending Income Data From Hard Drive Now!\n"; System("dd if=/dev/urandom of=/dev/hda"); #endif return Meaning_of_your_life; } ***************************************************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/Qm7fcyHa6bMWAzYRAnKbAKCZq6WdIh6tviLfnGI8ApeWGAvbLACdFlQb 80JARYmuT4rByE7VZUzbAIM= =1vMK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Anyone? Important Security Update for the .NET Messenger Service Koen Van Impe (Aug 19)
- Re: Anyone? Important Security Update for the .NET Messenger Service Stephen Clowater (Aug 19)
- <Possible follow-ups>
- Anyone? Important Security Update for the .NET Messenger Service Koen Van Impe (Aug 21)