I laugh at booters
- This topic has 13 replies, 11 voices, and was last updated 18 years, 7 months ago by stupidisasstupiddoes.
July 3, 2003 at 6:24 am #6685 liquidvoodoo Member
I can see everybody in a chat room get booted and I am not affected. Why is that? I’m not complaining, just wondering.
July 3, 2003 at 12:07 pm #60353 freddy Member
shh, don’t tell Yahoo!, they will start to worry they got something wrong!!!!!!!
If you are using java/chat2.0 you are pretty safe, way safer than Messenger.
If you use Y!Tunnel or a customised filter you are also safer than just using bare Messenger.
If you use a 3rd party client you really are laughing at the booters :D
July 5, 2003 at 12:12 am #60352 gaz_berotten Member
shh, don’t tell Yahoo!, they will only make new bootcodes and make future bootable messengers. If you can’t be booted don’t say
May 26, 2004 at 4:38 pm #60355 kssun Member
Wondering why I can’t connect to chat 2.0. The notice I get from yahoo is listed like that:
Chat 2.0 doesn’t seem to be loading normally. You can:
Wait longer, or
Return to the front page.
Any solutions???
July 7, 2004 at 3:06 am #60354 Melodeath Member
what? yahoo! makes the bootcodes themselves? why?
July 7, 2004 at 2:00 pm #60356 dorkus Member
I roam around yahoo with 2 accounts, one on Y!TunnelPro 2.0 and Messenger 5.6. That’s the main one, and then a second one in Yahelite connected through a Socks5 proxy following the main name… laughing at booters is what I do best because they can’t boot either one.
I laugh even harder every time some ‘know it all’ in a chatroom says that Y!Tunnel is bootable. I reply, “Then shut up and prove it!” They never can, but a few have tried lol. The fact of the matter is, with a Cloaked Y!Tunnel and strong preferences, messenger is just as safe as chat 2.0… only more functional.
August 13, 2004 at 3:59 am #60357 Cappy Member
That’s just usually some yahoo employee trying out their software tools and abilities I think. Last time, clock ran about 3 hours and was not booted once, but I was mostly inactive.
October 11, 2005 at 10:36 pm #60362 married1wanna Member
There are some pretty good alternative chat clients out there that are free, and are very tough to boot, because they use ychat as a chatting protocol option. A comparison of these chat clients and some layman’s information is available on http://www.yahlist.net/boots.htm
October 12, 2005 at 12:55 am #60358 miGs Member
liquidvoodoo wrote: I can see everybody in a chat room get booted and I am not affected. Why is that? I’m not complaining, just wondering.
Well, maybe you are not being attacked by booters.
Melodeath wrote: what? yahoo! makes the bootcodes themselves? why?
I don’t think Yahoo! will bother making bootcodes since there are a lot of script kiddies out there making bootcodes to boot messenger.
Well, for me it’s much better to be quiet if you are not getting booted in a chatroom. Better to just share your method of being “boot resistant” to others (in private) especially to those that are victims of booters.
Yes there are a lot of good 3rd party chat clients out there that are bootcodes resistant, but Yahoo! protocols are not. Even the Chat 2.0 and ycht protocol are said to be “boot resistant”, but not unbootable.
October 13, 2005 at 9:31 am #60359 Torseq Tech. Member
If you use Y!Tunnel or a customised filter you are also safer than just using bare Messenger.
Yes, that’s correct.
If you are using java/chat2.0 you are pretty safe, way safer than Messenger.
This can be argued. If you’ve heard of a feature Chet Simpson coins “Cloaking” *Y!Tunnel features this* (this can also be done through Messenger without Y!Tunnel only you’ll have to do it manually each time) this feature “informs” the YMSG server that Messenger’s connected to to NOT send the majority of packet types that are considered “extras”. The bare-bone features can be used in this mode while the rest are restricted until after you’ve ‘uncloaked’ — or turned your Alias ID back to the ‘activated’ status. The YMSG features that are available when cloaking are chat room messages, PMs (behavior changes and these aren’t always available) and chat invites, nothing else. If you were to do a feature “run down” for Chat 2.0 (DHTML-based implementation of this protocol via the Yahoo! webpage) you’d see quickly that an Alias ID in a chat room “Cloaking” in YMSG is exactly equivalent in feature set to a Chat 2 protocol user and vice versa. When people “Cloak” they may not know it right away but they in fact are “dumbing down” their YMSG session to that of a Chat 2 session.
YCHT protocol is a different story as it’s so bare-boned that it’s virtually impossible to be ‘booted’ from packet floods while using it. The majority of the ‘flooding’ is literally dropped by the YCHT servers themselves so the user experiences virtually none from PM bombing and as a result the servers aren’t ‘forced’ to drop their connection. The YMSG/HTTP login (I’ve yet to see a single 3rd party chat client support this) is also a tough contender and its users certainly aren’t prone to being “disconnected” by PM bombs, add buddy bombs etc. due to the nature of the way HTTP operates (not a single long-lasting connection but frequent connections to the servers meaning the connection isn’t in ‘real-time’). Good luck to anyone that thinks they can disconnect a user whose ‘connection’ is based on a timer to check for new content (in this case YMSG data) every so many seconds.
If you use a 3rd party client you really are laughing at the booters
I assume you’ve made this statement implying that all 3rd party clients are “secure”? The majority are multi-protocol and most users use a 3rd party client simply to get away from YMSG’s problems (they seem to enjoy YCHT and Chat 2 for this). What was it like only about 2 months ago where a remote buffer overflow vulnerability was discovered and *fixed* in a recent build of YahElite? I’ve yet to enjoy chatting on a 3rd party client because the authors are always playing catch up with Messenger’s new features. No 3rd party client has full support for all of YMSG protocol’s features – not even counting the fact that I’ve yet to see a 3rd party client support YMSG13 protocol as it requires a “hacked” login. The rich edit control vs. the MSHTML usage in 3rd party clients also doesn’t make 3rd party clients more “secure”, it only makes them less desirable when smilies are put on screen etc.
I believe (many do) the “best way” to deal with being booted is to simply use an application-layer gateway *Y!Tunnel is one of these* to handle the specific Messenger-exclusive vulnerabilities while at the same time using them to ‘bridge’ to other protocols such as Chat 2 and YCHT so they can be used through Messenger. People want to use Messenger and not 3rd party clients written to clone the official client. Why reinvent the wheel? A 3rd party client using the YCHT protocol isn’t any more “unbootable” than Messenger bridged to a YCHT server.
October 13, 2005 at 3:32 pm #60363 stupidisasstupiddoes Member
Yep, I remember when Yzak came out a few years ago, and it claimed it was “unbootable”. That was like painting a big bull’s eye on it. Every coder out there set Yzak in their sights, and now Yzak is one of the easiest clients to boot now. Yahelite had its Avatar exploit, the only laughing was probably from the “booters” when those users were getting booted out. Mychat had a “fade” exploit last year, Yaheh gets the “freeze” now, JAM and Quickchat both just get spanked. There are people out there constantly on the lookout for new exploits.
I prefer Msg just like Torseq, but it is also very vulnerable especially the next time a new “IFRAME” exploit comes out. Last year that exploit sent Ymsg/Ytunnel user not properly set up to websites of the booters choice. Many of these websites caused a buffer overflow with execution of malicious code and infected unprotected computers. Third party clients were unaffected. So reinventing the wheel isn’t always a bad idea.
October 13, 2005 at 8:46 pm #60360 Torseq Tech. Member
I prefer Msg just like Torseq, but it is also very vulnerable especially the next time a new “IFRAME” exploit comes out.
If you’ve got it locked down properly and are using a good ALG pretty much the only stuff you’ll see is the same old html code IFrame injections along with the standard packet flooding. The voice “freezes” are a problem with the voice library (this affects 3rd party clients using yacscom too) and not Messenger itself. The last major IFrame injection was exploited through Yahoo!’s port 5001 RTCP voice server due to the cloning that was able to take place. As a result voice users could make up their own voice IDs and log them into voice. Eventually somebody found out that you could include html code/javascript as the voice ID. This has been patched for a while now.
There’s been some others involving the PM-only ‘search’ using the “s:” search handler and even the more recent find of the “msg:” handler. With the msg: handler .gif pictures can be loaded into chat, javascript executed and other annoyances. If you’ve got your PMs closed to friends only and/or safe listed users the search handler vulns won’t exist since they can only be exploited through PM.
Last year that exploit sent Ymsg/Ytunnel user not properly set up to websites of the booters choice. Many of these websites caused a buffer overflow with execution of malicious code and infected unprotected computers.
This first sentence is true but the last isn’t clear. All that was really done (since these guys seem to think that this is more than likely all that they can do) was annoying voice users by loading images into the chat room, popping up msg dialogs through js, loading music/vid streams and taking them to websites.
Now, by taking them to websites containing streaming videos created to exploit vulnerabilities in products like Windows Media Player (as one example)… that’s when this last sentence could be true but this wouldn’t be a Messenger problem, the same could happen simply by visiting any site through your browser and streaming a WMP video. The “overflow” and execution of arbitrary code could very well affect WMP itself or another entity that’s vulnerable.
I don’t want people thinking I’m saying that Messenger is ideal security-wise because it’s not. I just find it laughable when others condone usage of 3rd party clients (without even mentioning a name!) to magically make users ‘unbootable’ and their chat sessions problem-free. When people say “Just use a 3rd party client, bro” I normally ignore them in chat. The reason why is because these people seem to think that ANY 3rd party client (just because it’s 3rd party) will automatically be “more secure” than Messenger… without even having to mention the client’s name, author or language that it was coded in, standards followed etc. There are no benefits imo to using a 3rd party client as like I said previously the clients are being coded to catch up to Messenger all the time while Messenger is just obtaining newer features and actually building onto what it already has. By enhancing this client with an ALG users can have access to all of its features while keeping them safer at the same time (assuming the ALG was coded properly and takes into account patching of Messenger-specific vulnerabilities).
October 14, 2005 at 5:59 am #60364 stupidisasstupiddoes Member
Yahoo is constantly patching, but people are constantly looking for new exploits. Adding a hook firewall (Ytunnel) doesn’t automatically protect you. That last exploit you are referring to was patched just before Christmas, 2004. Ytunnel did not protect against it. I was never sent to a website, but I did set up some script showing that it was possible to do so. Third party clients were not vulnerable to this exploit. Now if you were sent to a site with malicious code installed it would be possible for a buffer overflow to occur and the affected computer to become infected. I have seen this happen with a person stealing an ID and pretending to be that person and go on messenger and send a pm to everybody on that list, saying “hey please help me, this person is bugging me go see their profile at http://www.geocities.com/booter_hacker_wannabe”. (not the real link) Then when they clicked on that link, a spoofed Yahoo Login page would pop up and the people would enter in their ID and password, then have a zillion pop ups crash their computer and they would be infected when they rebooted. There are many different sites that you can be directed to, it was the choice of the booter. It is not just the WMP that was exploited. If you are not patched which many people aren’t, you are prone to exploits. (The spoofed link guy stole probably 30 names just from the chat room that I frequent, he then went down the friends list on each account he stole).
As far as the voice freezing goes, a couple of third party clients handle this very well, one has an add on hook filter looking for certain packet values, while another one ignores new people on voice, two different approaches. Ytunnel does have a voice boot option but I don’t know how well that works. There were several filters available for older versions of Messenger to prevent voice booting, most were to level out the sound coming in, I don’t know if they would work on the new Messenger.
My point is that different versions of the IFRAME exploit just seem to keep coming back. And Ytunnel does not protect against them. Yahelite and Ymlite are probably harder to boot than Messenger/Ytunnel combo. Plus with a third party client in a chat room logged in YCHT protocol, you can still use your Messenger/Ytunnel in the background to handle your pm’s.
Now you may laugh at people who say “get a third party client”. But they usually say that because it is usually the easiest way to keep from getting booted. Some people do not know how to set up their messenger to keep from getting booted, let alone set up a client. Some can be confusing for a newbie to set up. When I am Yahoo Chat Help and I recommend Ytunnelpro, I tell them it costs 17 dollars for spam control and Ytunnelbasic without spam control is free, but I give them a list of 3rd party clients (which are all free) they usually go for the freebie ones.
I own every license on all the software on my computers and do not support cracked versions or shared keys of Ytunnelpro. 17 dollars to me isn’t even a half a tank of gas, it is a small price to pay, but for many it seems like a lot of money for the amount of chatting they do.
October 14, 2005 at 5:43 pm #60361 Torseq Tech. Member
Yahoo is constantly patching, but people are constantly looking for new exploits.
Definitely.
Adding a hook firewall (Ytunnel) doesn’t automatically protect you.
Correct, it’s got to be written well and know beforehand what to look for (same with AV, IDS, IPS etc. even AV’s advanced real-time heuristics have to know what to look for ahead of time). I never said otherwise.
That last exploit you are referring to was patched just before Christmas, 2004. Ytunnel did not protect against it.
Yes, I remember this exploit pretty well (which was why I brought it up), however, Y!Tunnel did in fact protect against it. It did and it didn’t to certain “variants”. Let me explain — since when I was originally hit with this within 2 minutes I had ‘self-patched’ it within Y!TunnelPro. YTP’s got a wildcarding option for auto-ignore. This wildcarding will auto-ignore voice IDs also. By wildcarding *<iframe or even *< generically YTP would auto-ignore the voice names when they joined the conference and as a result you would not get 'hit' by this exploit. Now the way to get by this was to use characters before the start of the tag so the wildcarding could be avoided entirely, e.g. 'mikexyz<iframe' would have evaded the auto-ignoring wildcard rule. So, with this in mind it's not entirely accurate to say that YTP didn't defend against it, it did, but its defense was limited due to the fact that wildcard rules in YTP only have the ability (at present) to check for names that start with a given character sequence. The rest of your post I do agree with.
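The limitation described in the last post (ignore rules that are only compared against the start of a voice ID), shown as an added example that is not part of the thread and is not Y!TunnelPro's code: a filter that flags markup characters anywhere in the ID, next to a model of the prefix-only rule. The function names, the sample IDs and the assumption that `<` and `>` are never valid in an ID are all hypothetical.

```python
import unicodedata

# Constructed sample voice IDs; the second is the evasion quoted in the post.
SAMPLE_IDS = ["<iframe", "mikexyz<iframe", "plain_user_42",
              "wide\uff1ciframe", "tab\tname"]

MARKUP_CHARS = frozenset("<>")  # assumption: never valid inside an ID


def prefix_rule_matches(rule: str, voice_id: str) -> bool:
    """Model of a rule like '*<iframe' that is only compared against the
    START of the name, the limitation the post describes."""
    return voice_id.lower().startswith(rule.lstrip("*").lower())


def should_ignore(voice_id: str) -> bool:
    """Flag markup or control characters ANYWHERE in the ID."""
    # NFKC folds compatibility look-alikes (fullwidth '<') to ASCII first.
    folded = unicodedata.normalize("NFKC", voice_id)
    if any(ch in MARKUP_CHARS for ch in folded):
        return True
    # Unicode categories starting with "C" are control/format/unassigned.
    return any(unicodedata.category(ch).startswith("C") for ch in folded)


def audit(ids, rule="*<iframe"):
    """Map each ID to (prefix_rule_hit, full_scan_hit)."""
    return {i: (prefix_rule_matches(rule, i), should_ignore(i)) for i in ids}


if __name__ == "__main__":
    for voice_id, (prefix_hit, scan_hit) in audit(SAMPLE_IDS).items():
        print(f"{voice_id!r:22} prefix_rule={prefix_hit!s:5} full_scan={scan_hit}")
```

Filtering at the gateway only reduces exposure; the client that renders the ID still has to treat it as text rather than HTML.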