Re: Remote crashes in Yahoo messenger

From: Chris Bisnett (wav_boy2at_private)
Date: Fri Feb 22 2002 - 18:06:51 PST


    I would also like to point out that Messenger sends
    the password in clear text.  I don't know if that has
    been said before, and if it has, I'm sorry.
    
    
    --- Scott Woodward <scottat_private> wrote:
    >  All versions of Yahoo Messenger version 5. Listens on port 5101 on
    >  client machine.  (obviously to offload server traffic for IMs)
    >
    >  problems:
    >  (for all of the problems listed below, the traffic is sent to the
    >  Yahoo Messenger opened port, 5101)
    >
    >  1.  One can crash Yahoo Messenger by overflowing the message field
    >      in the Yahoo protocol.
    >  2.  One can crash Yahoo Messenger by overflowing the IMvironment
    >      field in the Yahoo protocol.
    >  3.  One can send a message as a spoofed name.
    >  4.  One can send many many messages from different names, flooding
    >      the person.
    >  5.  One can add a person to their buddy list (without their consent
    >      even), then message them a few times and that person's IP
    >      address will be sent in a message over Yahoo's server.
    >
    >  I would imagine there are many many more security problems to be
    >  found.
    
    



    This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 14:35:25 PST