Social engineering - MSN Messenger - Yahoo Messenger - for users this summer it gets worse …
Messaging is being used ever more often at work as well as at home to communicate with friends, associates and strangers. But what about the security?
Well, if you use MSN Messenger, you can try this during a chat session. Ask your buddy to allow you to send her a file. While the transfer is running, use the netstat -an command, which shows the address the file is being transferred to. This works if your buddy is not using a proxy. The command is executed as follows:
- click on start ==> then click on run ==> thereafter type: cmd.exe
- at the command prompt type: netstat -an
The above method works for MSN Messenger. If you want the IP of a user on Yahoo Messenger, all you do is add a user to your list with social engineering techniques, then you listen on port 5101 and send the victim a normal instant message. Yahoo compromises security in that way by attempting to establish a peer-to-peer connection between consumer clients, to save on server usage. Yahoo does not appear to care how easy it is to obtain a user's IP by simply sending someone an instant message. Yahoo claims that the fact you need to add each other to a friends list first is good enough security to protect users.
So what good does this do?
Getting a person on your messenger list and sending them an attachment or file via the network will allow you to get their IP address. Even corporate users are rarely behind a proxy. If you want a non-proxy IP from a corporate user, messenger is the application they very rarely use with their corporate proxy.
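From the defending side, the same netstat -an output can be audited for sessions that leave a workstation directly instead of through the corporate proxy, including the port 5101 peer-to-peer case described above. The script below is an added example, not part of the original post; the internal address ranges, the proxy address and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address ranges treated as "inside" the organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
P2P_PORTS = {5101}  # Yahoo Messenger peer-to-peer port named in the article

def _split(endpoint):
    """Split 'a.b.c.d:port' into (IPv4Address, int); None if not IPv4."""
    host, _, port = endpoint.rpartition(":")
    try:
        return ipaddress.IPv4Address(host), int(port)
    except ValueError:
        return None

def audit_netstat(text, proxy_ips=()):
    """Return (kind, endpoint) findings for sessions that expose this host's IP."""
    proxies = {ipaddress.IPv4Address(p) for p in proxy_ips}
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # header, UDP and malformed lines
        local, remote, state = _split(parts[1]), _split(parts[2]), parts[3]
        if local is None or remote is None:
            continue  # IPv6 or unparsable endpoint
        if state == "LISTENING" and local[1] in P2P_PORTS:
            findings.append(("p2p-listener", parts[1]))
        elif state == "ESTABLISHED":
            internal = any(remote[0] in net for net in INTERNAL_NETS)
            if remote[0] in proxies or internal:
                continue  # traffic stays inside or goes via the proxy
            kind = "p2p-direct" if P2P_PORTS & {local[1], remote[1]} else "direct"
            findings.append((kind, parts[2]))
    return findings

# Constructed sample in Windows `netstat -an` layout (not captured output).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:5101           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.7:5101       ESTABLISHED
  TCP    192.168.1.20:1050      10.0.0.8:8080          ESTABLISHED
  TCP    192.168.1.20:1061      198.51.100.9:3000      ESTABLISHED
  UDP    0.0.0.0:1900           *:*
"""

if __name__ == "__main__":
    for kind, endpoint in audit_netstat(SAMPLE, proxy_ips=["10.0.0.8"]):
        print(kind, endpoint)
```

Every finding is a remote endpoint that sees the workstation's own address, which is the exposure a proxy or a firewall rule on the peer-to-peer port would remove.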
Is this a security threat?
For quite some time, the Yahoo messenger protocol has been easy as chips to hack, to obtain cookies, disconnect users from the network etc.
This summer, however, Microsoft Messenger and Yahoo Messenger are about to link their networks, giving users cross-network compatibility.
What makes it worse is that some companies, such as Yahoo with its backyard host names, put the corporate ID of the person who uses the computer in the hostname. For instance, Yahoo uses:
- corpid.corp.yahoo.com
As a result the potentially malicious user knows
- the corporate login of the user,
- the real name of the user and
- the corporate e-mail of the user
Most certainly, Yahoo is not the only enterprise doing this, is it?
=======>
PS1. You need a direct connection to the Internet to use the netstat trick: with a DSL modem or a dial-up modem that gives your machine the WAN IP, this will work.
PS2. Jeremy Zawodny’s blog continues to have juicy stuff about Yahoo and MS Messenger as well as Trillian software (too bad I cannot get his postings via e-mail for convenience’s sake).
=======>
- Please check out as well:
- CyTRAP.eu/RiskIT Labs - Tool - one buddy list to rule - a small hack and Google connects to Yahoo Messenger, MS Messenger and others