Re: Nis 2002 and messenger - Privacy

From: Joseph V. Morris (jvmorris@erols.com)
Date: 05/10/02 

From: "Joseph V. Morris" <jvmorris@erols.com>
Date: Fri, 10 May 2002 14:04:17 -0400

First things first: Did you see MS02-22, which came out last night,
identifying a problem with the Chat function in MSN Messenger? (I'm
unclear as to whether this also applies to Windows Messenger on Win XP.) .
. . .

"Iznogood" <Iznogood@start.no> wrote in message
news:3cd79a77@news.wineasy.se...
| Ops Sorry You are correct.
| It is Windows messenger 4.6.0077 (norwegian version).with msn add-on.
Could
| that msn addon be the culprit?

That "add-on" killed Windows Messenger dead on the one Win XP box to which
I have access. You might, however, wish to check on the
microsoft.public.winxp.messenger newsgroups. (Just be sure to indicate
you're running the Norwegian version.)

| All I'm trying to do is chat (send textmessages) to my friends. . . .

Yeah, well that could be related to the problem/vulnerability described in
MS02-22. However, as I read it, that sounds like functionality that
allows you to work in a public chat room (like, for example, one of the
MSN chatrooms) directly from Windows Messenger. (That's different from
having an impromptu conversation with one or two of your friends directly
from Messenger.) Indeed, your original problem description sounds very
much as if you were using that functionality.

| . . . . Not send
| files or something. When I try to do this (or even just log on to the
| messenger service- the ip destination is a messenger one 64.4.13.252)...

Well, that particular IP address is allocated to an MS Hotmail server that
I show as being located in Mountain View, CA. Again, that sounds very
much like some sort of MSN Chat Room authentication of you as being an
authentic user. (That's not a definitive answer; I've never used
Messenger for this purpose.) However, MSN, in all likelihood, _would_
authenticate on the basis of your HotMail account (or MS Passport).

| . . . . I get
| a warning from Nis (privacy part) that information I have spesified to
be
| private (in this case my email). Yes I have said to NIS that my email
should
| be private, thinking of websites that would steal my email and so on. If
it
| was just vhen I logged on I wouln't care, but since this warning is
popping
| up every time i tuch the keybord in a chat session it's kind of anoying.

'Chats' can be hijacked in mis-session. Again, this would seem like a
simple authentication mechanism to confirm that the person (you, in this
case) engaged in the conversation is still precisely whom you represent
yourself to be. For THAT PARTICULAR IP address, it might be best for you
to allow the communication, just so that you can continue your chat
session.

| I'll try to uninstall the msn-addon and see if that helps.
. . . . 

--
Regards,
    Joseph V. Morris
    jvmorris@erols.com
    ICQ #29438199

This is a NEWSGROUP message; except for privacy reasons, please respond
therein; an e-mail COPY is always appreciated, of course.
Almost all electrons used in the creation of this message were recycled.
No electrons used in the production of this message were harmed or
mistreated in any manner.

Relevant Pages