Home › Forums › Archives › Instant Messaging › Yahoo! Messenger Support › YahTalk and why to stay away from it.
- This topic has 0 replies, 1 voice, and was last updated 11 years, 1 month ago by Dermot.
-
AuthorPosts
-
March 1, 2013 at 5:00 pm #35751DermotParticipant
You will see in the coming weeks word of a yahoo messenger companion application claiming to bring chat back.
I have personally checked this application and hereby give you the run down on why you should avoid it.
The service is initially been backed and controlled by ex Yahoo booters (that in itself should worry you).
The server code that controls all your chat and voice data is terribly poorly written and very shabby and insecure, yes i seen the code.
The actual application that injects itself into the Yahoo messenger process is written in C# and written very poorly also, I as a .NET programmer spoke to the author and he didn’t have knowledge of the most basic fundamental structure of C# nor the .NET framework so i would never rely on this person to protect my privacy or my data over his rented servers.
I also disassembled the code in question using reflection and also seen how badly it was written with many little “hacks” and workarounds which he claims never happens in this application.
Everything you type or talk in the service passes from your Yahoo “hacked Conference window” through their servers unencrypted and can be read or listened to by outside parties with relative ease and recorded by any device.
I asked the author “Bruce Wiggins” what he intends to get from this application and he replied “a quick buck”
To have voice in user rooms you must pay this author, yet he is using Yahoos voice servers and charging you for them, think about it.
The service has IDs that can be 100% invisible in the room and can ease drop and monitor rooms without you knowing.
They force you to sign up to the Yahtalk forums to login yet use your yahoo login also passing through their servers.
They police voice chat owned by yahoo on a RTP timeout of 30 seconds, which their staff is not “included”.
They claim to not moderate chat but yet ban on a whim with anybody who questions them and the chat servers can’t stay online for more than 24 hours with only 10-15 users, could imagine if anybody else tried the service?
As i said earlier the server code was very basic and badly written, Most servers have a backend and authentication systems and a lot of redundacies for traffic loads and even targeted attacks against that server, however there is no such features on the yahtalk server, it can be attacked quite easily and will disconnect not just a single user but the entire small userbase it caters. The fact your chat data and login data and other data you enter into this application is passed through this basic server, you’re allowing yourself to fall victim to any breach this poor server will have and will be targeted easily.
When you use this application you’re not only closing any warranty with Yahoo! inc but also breaking it’s terms and therefore will get zero help from them in future.
Now this application uses the yahoo! “conference window” to inject chat data and read from anytime you enter chat, this is another security disaster as the chat windows used in conference windows is basically the same as a IM window, which means it will auto parse youtube videos and Images without your approval and can be used to retrieve your IP address by just posting a url into a room and you’re putting yourself into further security issues by even been in that chat. They are also injecting user scripts into the IE com control conference window which is basically Internet Explorer web browser control and putting you in a position to be exploited with a poorly mismanaged scripting function that could harm you or your computer.
You will find more security on a free chat server elsewhere.
I could go on but thought it prudent to alert all the users here of this disaster of a program.
-
AuthorPosts
- You must be logged in to reply to this topic.