lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200308191539.29962.steve@stevesworld.hopto.org>
From: steve at stevesworld.hopto.org (Stephen Clowater)
Subject: Anyone?  Important Security Update for the .NET Messenger Service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've recive this email. I'm still in the proccess of seeing if it actually 
came from .net services, 

But it wouldnt surprise me, there are a few known holes in the MSN login path 
that allows someone to take control over another's MSN account. Or even just 
spoof the victims account. Ethier way, Its probably some retarded buffer 
overflow in the msn client.  Kinda like the cute buffer overflow in msn 6 :)


On August 19, 2003 03:02 pm, Koen Van Impe wrote:
> Hi List,
>
> Has anyone seen this recent so called 'update' for MSN Messenger? This
> (full-email follows below) was in my mailbox today but as far as I know
> there is no critical update needed for MSN Messenger. Any clues as where
> to look for?
>
> I'm under the impression that this is more like a 'install this so that
> we can tell what you're doing' security update than in fact a real
> security update.
>
> Off course, as always, e-mail headers from Microsoft-mail to Hotmail are
> very little informative. This was in the headers :
>
> <header>
> From: ".NET Messenger Service Staff" <dot_net_msgr_svc@...r.hotmail.com>
> Subject: Important Security Update for the .NET Messenger Service
> Date: Mon 18, Aug 2003
> Mime-Version: 1.0
> Content-Type: text/html; Charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> </header>
>
>
> <mail>
> ATTENTION: IMMEDIATE ACTION REQUIRED FOR MSN AND WINDOWS MESSENGER
> USERS.
>
> You are receiving this e-mail because you are a MSN Messenger or Windows
> Messenger Service user.
>
> As part of Microsoft's Trustworthy Computing initiative, Microsoft is
> updating the .NET Messenger Service and providing you with an important
> MSN Messenger or Windows Messenger security update.
>
> If you are using MSN Messenger 5.0, Windows Messenger 4.7.2000, or MSN
> Messenger for Mac 3.5, or any versions higher than these, you do NOT need
> this security update. To find out which version you have, select the
> 'Help' menu in Messenger, then select 'About'. If you are using an older
> version, or are not sure, please visit:
> http://messenger.msn.com/Help/Upgrades.aspx
> for an update.
>
> NOTICE: If you are not using an updated version, you will be unable to
> continue using your MSN Messenger or Windows Messenger Service.
>
> Thank you for helping Microsoft further its commitment to helping you
> protect your privacy and security online.
>
> You can view the .NET Messenger Statement of Privacy at:
> http://messenger.msn.com/Help/Privacy.aspx
> and the .NET Messenger Service Terms of Use and Notices at:
> http://messenger.msn.com/Help/Terms.aspx.
> </mail>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

- -- 
- -

******************************************************************************
Stephen Clowater

All heiresses are beautiful.
		-- John Dryden

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 
                                                      /dev/null:/dev/random);
#endif

#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif

#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif

return Meaning_of_your_life;

}

*****************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Qm7fcyHa6bMWAzYRAnKbAKCZq6WdIh6tviLfnGI8ApeWGAvbLACdFlQb
80JARYmuT4rByE7VZUzbAIM=
=1vMK
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ