Re: obtai an IP of an MSN Messenger contact

[Vidar Løkken <vidarlo () vestdata no>]

On Wed, 5 Apr 2006, n3td3v wrote:

> If you want the IP of a user on Yahoo Messenger, all you do is add a user to
> your list with social engineering techniques, then you listen on port 5101
> and send the victim a normal instant message. Yahoo compromises security in
> that way by attempting to establish a peer to peer connection between
> consumer clients, to save on server useage. Yahoo don't care how easy it is
> to obtain a users IP by simply sending someone an instant message. Yahoo say
> the fact you need to add each other to a friends list first is good enough
> security to protect its users.

I don't see this as a problem really, since it is trivial to lure a user 
into a website one controles, by sending a unique url to someone. Besides, 
a IP is not a sensitive piece of information in any way, as you leave it 
at any website you surf by.
Could you care to explain why I should care if Joe R. Andom Cracker has my 
from yahoo IM?

--
Regards,
Vidar
Better dead than mellow.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/