Well, Alan seems to have the same kind of information as me on this... If it is confirmed that the newer versions of the Yahoo Messenger protocol do not transmit the password in plain text, then users should all upgrade their Messenger and use the ymsg10 or ymsg9 protocol. This should probably answer Jeremy's concerns. Even then, it does not change a thing for the security of the data transmitted after login, including screen name, aliases, buddy list, and messages, but at least the newer versions of Yahoo seem at a same level of (in)security as the other major IM programs. As far as I am concerned, I am not confident in letting people use IM programs in a corporate environment. I would much more confident with a corporate IM system (with an internal IM server), that would eventually include a gateway to external servers (Yahoo, MSN, etc.) The architecture of Instant Messaging services in a corporate environment would then be similar to the architecture of e-mail : an internal e-mail server with user accounts, and an e-mail gateway to the Internet. This sounds much better than deploying POP3 clients and giving everyone in the company a Yahoo Mail account, doesn't it ? I have heard of a IM server for enterprises : "Akonix L7". Has anyone successfully deployed this product ? Any interesting experiences to share ? Regards Chris > >> A couple things - one, yahoo DOES send the >> password in plain text, you just have to capture >> it at the right time, > > That aint true the last time i was messing with > yahoo protocols i learned alot for them there > main ones are called ycht and ymsg and depending > on what protocol you use when logging in it will > then depend how the password is sent. On the > ycht protocol your password will be sent in > clear text in the login string i here there is > plans for yahoo to stop using this protocol but > ymsg it is alot more secure at first ymsg wasn't > to great and it had problems where people could > authenticate there selfs as any user without > there password for a good txt on ymsg9 you > should read > http://www.venkydude.com/articles/yahoo.htm > yahoo is now at ymsg10 but it ant much changes > from 9. > Regards > Alan __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com
This archive was generated by hypermail 2b30 : Wed Aug 28 2002 - 11:17:00 PDT