- This topic has 8 replies, 4 voices, and was last updated 22 years, 10 months ago by
.
-
Posts
-
🙁 My worst fears have been confirmed. there IS a program that adds w/o permission. I am using my better judgement and I am NOT posting the name for it here….but here’s what it claims to do…”…add ppl to your list without them knowning, they cant not-accept so u can spy on them ” This type of thing makes me SICK…. I would not use something like this…and those out there who do… what reason…. I mean LEGITIMATE reason would there be for it? NONE! Anyway…just be ware… if you chat…people are hunting you!
😎 If anything, that’d be a weakness for them……. for me to be on their list. For others, probably not. There’s more than one of these programs out publicly and they’ve been around longer than you’d think. Just because you are on their list doesn’t mean that you are being hunted or potentially hunted, lol. They can track your online/offline status and your chats that you go to and that’s about it. If you have Y!TunnelPro up and configured to block outsiders pm’s, invites, and buddy & cam req’s…… you don’t need to worry at all about anything other than maybe a stalker that can’t do jack to you. They wouldn’t be able to obtain your IP currently either as if you’re using the newest Y!TunnelPro V1.1 Build 164, your ip and profiles are inaccesible to hackers and your ip is masked as 187.64.187.64 (in a voice chatroom). All of their attempts would be rejected. Just don’t do p2p cam sessions, file xfers, IMVironments, and pm’s with non-buddies if you wanna be on the safe side. These would reveal your true ip to them. Restrict all access just to buddies on your list. If you’ve got the newest Y!TunnelPro, make sure you have all anti-boot options turned on like “block direct connections to messenger” and have “hide my ip and profiles” enabled. Put up a good firewall like Sygate Pro 5 and configure it to block udp ports 5000-5010 to block mic boot exploits that use yahoo’s voice chat udp data streams like yacscom.dll and the other ypagers like myyahoo.dll and tsd32.dll to name some. Having the “prevent loss of voice on mic” option in Y!TunnelPro enabled will do this too. Logon as “invisible” if you don’t want the person seeing your online presence. If you suspect a certain person has you on their list……. deny-a-buddy them. If someone has me on their list…… they’d be a victim as they’d be forced to see my status if they opened a pm to me. They’d end up catching an iframe code and would go bye bye if they weren’t using the newest Y!TunnelPro (as it blocks status msg iframes). Sometimes, my status messages aren’t nice.
Basically, I’m telling you this……… Not a big deal. As for these program’s reasoning…… only could be malicious or they would have asked you for permission. Just make sure you’re properly protected because Yahoo can be a dangerous place at times. Hell, who knows, you might even become buds with a stalker at some point down the road. Could turn out to be a friend. 😀
Thank you for sharing your extensive knowledge on this subject. It REALLY IS appreciated. I believe I am going to take what you wrote to heart! it just goes to show there ARE some people who use their knowledge for good and not evil. Thanks again!
ALL it takes to add someone is a link to the right URL. Permission is not asked. That doesn’t mean they can IM you if you reject those not on your Friend list.
As for legitimate use?
I am very close to several disabled people. Annoying and explicit IMs often reduce them to tears. They cannot respond quickly to them, nor is their level of sarcasm as finely honed as mine.I add “potential stalkers” (without permission) all the time. Pass them a reality check – most are decent, but got carried away – they change abruptly when they hear that they’ve just made a poor defenseless crippled girl cry.
Only in one case have I run across someone who’s movements I do actually watch (and in more ways than one). I have his IP in the event the police need it, as well as his ISP’s. When told who he is, and how he’s hooked in, he stopped. There has been no need for the police, but he’s still under more scrutiny than he’s aware.
But the point of this was that there are indeed PROGRAMS…and I have been stalked…and take my word for it…I don’t want to hack, know how to hack or enjoy being hacked…as evidenced by by past posts. I just wanted to make people out there aware that there is more than just URL links etc…. and those of us online who are not up to nefarious activities…which I would venture to guess are most of us…. should just be aware that those sorts of programs are around. Believe it or not there are many people out there who don’t think they need protection and accept PM’s from anyone.
LOL – solidly on target … it reminds me of Steve Martin in “The Jerk”.
The day he gets his name in the phone book, he feels like a “real person”. That’s the same day a serial killer randomly picks his brand new name from the phone book.
We all have IPs, and the world’s a big place (but sometimes not big enough).
Not trying to push a product, but I’ve had very good luck with Black IceDefender, even in addition to a firewall. A few years ago, it caught our company being quite intentionally targeted.
Try it on evaluation – I hope there’s SOMETHING out there that can make a difference for you and other victims, Oreo:)
(and personally, I’m thankful for your reminders – this is a serious topic, and one not to be forgotten)
And I am thankful for people like you out there Louis…I mean people who are intelligent and don’t mind sharing what they know… Thanks!!! You are truly appreciated! (Even when I get on my soap box and start complaining!)
Adding w/o permission…old news. Can be done through your Profile page. All these apps are using is the yahoo url for adding buddies but with the group/username replaced with one of your choice.
Don’t worry about it…
No problem Oreo. Black Ice…….errrrr…….. not a big fan at all for too many reasons. As far as I’m concerned their exploitful history isn’t very impressive. From what I know in the security field….. Sygate pro 5 is the best there is for a Windows machine currently. I attend ITT-Tech in Dayton, Ohio and they use Sygate on all there computers as well. With Sygate Pro you get a whole arsenal of goodies like dll-authentication, anti-ip spoofing, anti-mac address spoofing, and a crapload more stuff that makes the firewall the best that there is, imo. It’s not only an awesome stateful packet inspecting firewall suite but a full blown Intrusion Detection System as well. It is a hybrid of both. It also has a 30-day free trial on it. Whatever works though works. Different strokes for different folks. Glad to be of help Oreo. Even with a firewall like Sygate, and Y!TunnelPro in your defense, there still are ways to get booted from messenger. The biggest way is through using exploits in voice chats. When you initiate voice chat two of the known and documented udp ports 5000 – 5010 are opened locally on your computer to receive yahoo’s audio data stream from the actual voice server. Yahoo does the poorest job of validating this actual data stream and it’s contents and making sure that the data is actually coming from the source ip address that it’s supposed to (yahoo’s voice servers). So, pretty much, anyone with some udp protocol knowledge and a bit of programming knowledge can probe for exploits, find one, and implement it into a program (usually in vb6 for ease of use) based around the udp protocol. Once the prog is written, if correctly done, it can inject it’s customly written udp malformed packets into yahoo’s voice stream data and have it broadcasted to the entire targeted room giving ypager errors to everyone in there running the targeted ver. and build of messenger that the exploit(s) effect. This is a packeting denial of service attack which have been around for years now. Luckily, blocking these udp ports won’t deny you voice chatting on messenger. Yahoo Messenger reverts to the tcp protocol when it realizes that it’s default udp port range is blocked off and chooses a random tcp port for the audio data stream to be received locally. TCP packets are much harder to write so hackers or potential hackers normally don’t want to bother with even trying to exploit you. UDP doesn’t establish a connection-state so the attackers ip wouldn’t be revealed to the targets as well as this proto doesn’t use congestion control that would slow the data down from hitting the potential victims. UDP also supports multicasting which would be ideal for dos attacks. So, udp can be a dangerous protocol when the malicious packets are crafted right. Having your voice chats over the tcp protocol is much safer as this proto actually does error-control & correction and validation…… not to mention that hackers would never be able to guess which tcp port is receiving the audio data on your end normally. Without this knowledge, they wouldn’t know which port(s) running the service to target. Only thing that kind of sucks about tcp protocol is that they use congestion control and this can bog down streaming data communication, which at times, you can notice in voice chats on low-band dialup connections. UDP is the most ideal for streaming data because it lacks congestion control…meaning less lag between your bi-directional connection. Just thought that some people might want to know this as firewalls wouldn’t stop some of these exploit-boots in certain situations using new malformed packeting techiniques targeting certain ports. Everyday someone is figuring something new out that can be potentially malicious. The question is……. will it ever be exploited ? It all depends on who has the knowledge and what their intentions are. Knowledge is power……. no doubt about it.
- You must be logged in to reply to this topic.