xisto Community

tansqrx

Everything posted by tansqrx

  1. This could be taken two different ways from my point of view. 1. How much time do I physically spend using network resources. 2. How much time does my computer(s) spend using the Net. I am usually physically using the Net about 5-8 hours a day, including work. On the other hand, my network connection is never idle. I always have something either downloading (uncopyrighted music files) or scripts running. I also have 3+ computers that I run all the time, so does each computer count? 8 at work; 24 x 3 computers at home = 72. All together I would say I spend 80 hours a day using the Net.
  2. XIII, thanks for being so straightforward. I tip my hat to you. Even though you were in danger of being “in trouble” you still did the right thing and let someone know of the bug. This is what makes some parts of the web such a great place to surf.
  3. In a different article I heard that this exploit had something to do with AJAX. I have yet to find a good resource that fully describes the problem. Is the script run on the server or on the user’s end? It is slightly confusing as I have not heard that it only affects IE or Firefox and that is usually the deciding factor when a web exploit is run on the user’s machine.
  4. I have to agree, the learning feature is horrible but I see it as being bad from a different perspective. From what I read, Norton “learns” what wants to access the Internet and then allows it. What keeps Norton from “learning” that a piece of spyware wants to access the Internet and then just allowing it? I turned this feature off as soon as I found it. I also turned off the automatic program option. This basically lets any program that is on a white list access the Internet without you being prompted. From my experience there are quite a few programs that I don’t want accessing the Net. An example of this is Explorer.exe. Quite frankly I do not want a program with such low level access to my system touching the Net. I also block such things as Windows Media Player (some of those “content protected” files have nasties hiding in them), notepad, and any other application that I feel has absolutely no business accessing the Net. If someone has never run a secure firewall before, they might be surprised what wants to phone home.
  5. I have searched to no end to find a place to exclude directories. The big problem is the weekly scan, you know the one that runs when you are not there and always forget about. In the weekly scan it just deletes the files without asking you what you want to do. As for the action you want to take, Norton does not exactly give you very many options. I have the Cain and Abel setup file in my downloads folder. Whenever I download a new file, Norton pops up asking me if I want to delete the Cain and Abel file. At the bottom there is an action, *Exclude. Like this is an option, there is only one choice. Even with it set to exclude it still happens every time. If I didn’t know better I would say this is almost a software bug. It’s just getting too annoying.
  6. I have a quite unique problem regarding Norton AV and viruses. I do software security research as a hobby. As such, I routinely harbor various “hacktools”, keyloggers, exploit code and viruses on my machine. My problems began when I installed Norton Systemworks 2006. As usual Norton AV did a full system scan. This time however I forgot to dismount my virus directory and lost several years’ worth of downloads and research. This did not hurt that bad since I had all the viruses backed up, but it pissed me off nonetheless. What really irritates me to no end though is Norton tries to delete certain “hacktools” from the system without warning. This includes Cain and Abel, netcat, and even nmap. I DO NOT WANT THESE DELETED! They are very legitimate tools for my machine and I need them to do my research. Besides, I have no idea why nmap or netcat would be considered a hacktool; they both have very valuable non-hacker uses. Does anyone know how to take care of this annoyance? If not, what general system suite would you recommend? I like Norton for the high level of protection and frequent AV definitions. It has gotten me out of sticky situations when surfing into the underbelly of the Internet. I hate to lose it but Symantec is starting to leave me no choice.
  7. I do a lot of network programming and Ethereal is an absolutely essential tool to have. When I reformat my computer this is one of the first tools that gets loaded. I have always found it a fun exercise to close all programs and let Ethereal run. You can very quickly get an idea of what programs running on your computer are talking to the Internet without your knowledge. You will get the usual ARP requests, MS Browser requests, and sometimes AV updates. The thing to look out for is traffic that you were not expecting, perhaps a spyware program talking to http://www.theplacematpeople.com/. This is actually one of the sure-fire ways to find spyware on your system. You just have to be patient and educate yourself on what you are looking at.
In response to vicky99’s question, it all depends. I am assuming that you have a wireless café running into a broadband connection. I am also assuming that the network is internally switched (meaning you have a switch not a hub) and everyone is running a variant of Windows.
The purpose of Ethereal is to listen to all network traffic seen by your computer. There is an additional mode of Ethereal called promiscuous mode that will not only allow you to see traffic addressed to your particular computer but anything on the wire. You should review a good networking book for all of the details but basically if you have a hub then you will be able to see everything that all computers on your network send and receive. If you have a switched environment then you will only see what is coming to your computer. This may further be complicated by NAT routing. Once again you should get a good understanding of how common networks work.
What you see is also determined by the placement of the listening computer. If you are one of the computers out in the larger network then you will not see as much. The ideal placement should be between your LAN hub or switch and the Internet connection or router.
Another caveat to this process is if you have wireless. Promiscuous mode usually does not work on wireless networks on Windows based machines. This is yet another reason to place the listener right before the external Internet connection.
As for seeing all traffic that your patrons are requesting, yes you can very well do that. The downside is that there will be A LOT of traffic and you will have to learn how to filter the requests. Ethereal is only a listener. If you want to be more proactive then you will have to use another product such as Snort. Snort is another free open source product and is usually used as an intrusion detection system (IDS). It uses all the same file formats as Ethereal so the two are very complementary. I am far from an expert on Snort so I will leave it to someone else to explain the finer details. Entire books (quite large ones) have been written on both Ethereal and Snort as well as a large amount of information on the web.
At the very least you should try it out. You have nothing to lose and a great deal of knowledge to gain. If you have a question then stop by the Ethereal website, the documentation is quite good. The mailing list is also a good place to ask questions. I have asked a few questions myself and have always gotten a quick and helpful response. I hope this helps you out and if you have questions be sure to let us know.
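The "close everything and watch what still talks" exercise from the post above, as an added example that is not part of the original post or of the Ethereal/Wireshark project: the script takes capture records in a simplified (time, protocol, source, destination, info) form, treats the LAN, ARP and MS Browser chatter and the AV update server as the expected baseline, and reports every other destination and DNS lookup. All records, addresses, names and the baseline itself are constructed for the example; in practice the records would be exported from the sniffer.

```python
"""Triage of an idle-machine capture, as the post describes: list every
destination the host talked to and flag the ones that were not expected.

Added example, not code from the original post or from Ethereal/Wireshark.
Records are constructed by hand in a simplified form; the addresses, the
spyware-looking hostname taken from the post and the "expected" baseline
are all assumptions for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed sample records from an "all programs closed" session.
SAMPLE_RECORDS = [
    (0.000, "ARP", "192.168.1.10", "Broadcast", "Who has 192.168.1.1? Tell 192.168.1.10"),
    (0.002, "ARP", "192.168.1.1", "192.168.1.10", "192.168.1.1 is at 00:11:22:33:44:55"),
    (0.500, "BROWSER", "192.168.1.10", "192.168.1.255", "Host Announcement"),
    (1.200, "DNS", "192.168.1.10", "192.168.1.1", "Standard query A liveupdate.example-av.test"),
    (1.250, "HTTP", "192.168.1.10", "203.0.113.20", "GET /definitions/latest.txt"),
    (3.000, "DNS", "192.168.1.10", "192.168.1.1", "Standard query A www.theplacematpeople.com"),
    (3.050, "HTTP", "192.168.1.10", "198.51.100.77", "POST /collect?id=abc123"),
    (3.900, "HTTP", "192.168.1.10", "198.51.100.77", "POST /collect?id=abc123"),
    (7.000, "TCP", "192.168.1.10", "198.51.100.77", "[SYN] Seq=0"),
]

# Baseline of traffic the post calls normal background noise: the local LAN,
# ARP and MS Browser chatter, and the (assumed) AV update server.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
EXPECTED_PROTOCOLS = {"ARP", "BROWSER"}
EXPECTED_HOSTS = {"203.0.113.20"}                    # assumed AV update server
EXPECTED_DNS_NAMES = {"liveupdate.example-av.test"}  # assumed AV update name


def is_local(addr):
    """True for LAN and broadcast addresses; False for public IPs or non-IPs."""
    if addr == "Broadcast":
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # a MAC address or a name, not an IP
        return False
    return any(ip in net for net in LOCAL_NETS)


def dns_query_name(info):
    """Extract the queried name from a 'Standard query A <name>' info string."""
    marker = "Standard query A "
    return info[len(marker):] if info.startswith(marker) else None


def find_unexpected(records, local_src="192.168.1.10"):
    """Return (unexpected_hosts, unexpected_names).

    unexpected_hosts maps each non-baseline destination to its packet count,
    first-seen time and the protocols used; unexpected_names lists DNS lookups
    for names outside the baseline, in first-seen order.
    """
    hosts = defaultdict(lambda: {"count": 0, "first_seen": None, "protocols": set()})
    names = []
    for ts, proto, src, dst, info in records:
        if src != local_src or proto in EXPECTED_PROTOCOLS:
            continue  # only outbound traffic that is not LAN chatter
        if proto == "DNS":
            name = dns_query_name(info)
            if name and name not in EXPECTED_DNS_NAMES and name not in names:
                names.append(name)
            continue  # the resolver itself is on the LAN
        if is_local(dst) or dst in EXPECTED_HOSTS:
            continue
        entry = hosts[dst]
        entry["count"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = ts
        entry["protocols"].add(proto)
    return dict(hosts), names


if __name__ == "__main__":
    hosts, names = find_unexpected(SAMPLE_RECORDS)
    for name in names:
        print(f"unexpected DNS lookup: {name}")
    for dst, e in sorted(hosts.items(), key=lambda kv: kv[1]["first_seen"]):
        print(f"unexpected destination {dst}: {e['count']} packets, "
              f"first seen t={e['first_seen']:.3f}s, {sorted(e['protocols'])}")
```

The baseline is deliberately small: the point of the exercise is that anything outside it deserves a look, and the DNS lookup for an unfamiliar name is usually the first clue, before the HTTP POSTs to the resolved address appear.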
  8. I have found similar reports on other boards. I am considering this a confirmed bug and opening a bug report on http://www.ycoderscookbook.com/. Do you have any more information like what version of messenger you are using or what version of messenger the other person is using?
  9. I have been having problems with my stealth setting for about a week now. Apparently when I have all users set to invisible it works fine. Also when I go available everything appears to work fine. The problem is when I set a custom message all of a sudden the users that I have individually set to offline can see me. I have not been able to reproduce the results myself but it is starting to become a problem as people that I would rather not talk to IM me now. Anyone else run into this? Is this another bug?
  10. Being safe on the Internet is a multifaceted goal. No single check or piece of software can do it for you. In my opinion, the way to be safe is to be knowledgeable about computer security and take some time to learn the basics. With that said I usually recommend four things you can do to be safe.
- Have antivirus installed and regularly have definitions updated. This one should be self explanatory as you have heard this before. This is to make sure that if something does get in it gets caught.
- Run Windows Update and install updates as they are available. A high priority update from Microsoft basically means that someone has figured out a way to break into your machine. If you have not updated your machine in a while then you have some gaping holes that anyone could use to gain access to your machine.
- Run a firewall. Even the firewall in SP2 is a good firewall. This detects threats as they enter your system and keeps them from even getting to your machine. I also highly recommend running a hardware firewall such as a router firewall. I use both a hardware firewall and Norton Firewall. A good site to test your firewall is Shields Up! located at https://www.grc.com/intro.htm
- Scan your system for spyware. These are just as bad as viruses right now. I use Spybot (https://www.safer-networking.org/) and Adaware (http://forums.xisto.com/no_longer_exists/).
- Be educated about what you are doing. I have found that most people don’t have any idea why they should do such things. If you don’t understand then educate yourself. For beginners go down to your local bookstore and pick up a copy of security for dummies or something similar. Education is the greatest power.
  11. I was quickly flipping through the latest issue of 2600 (https://www.2600.com/) when I came upon a very interesting article entitled “iPod Sneakiness.” It basically explained how one could trick a computer user into coughing up some valuable information just by attaching their iPod to that computer. We have all seen the autorun message when you plug a USB storage device into your computer. The author simply wrote his own autorun program that captures passwords and other goodies on the victim’s machine. I have to admit that I never thought of this and it is quite ingenious. Any thoughts on this one?
  12. I have to play devil’s advocate here for a moment. I agree that the XP interface can bog down slower machines but I still prefer it to the 2k style. I am running an older 1.1 GHz Athlon and I do everything I can to squeeze out every last bit of performance. I shut down services, remove programs from startup, and various other speed inducing activities but I will not touch the UI. I guess it’s the fact that I just like it and it is much more pleasant for me to look at than the 2k version. I suspect this is due to the fact that I do spend the majority of my day sitting in front of my monitor. It is sort of a psychological trick on the mind. You feel more at ease being chained down to your chair when you are looking at smooth edges and a picture of rolling hills and flowers. I am sure this is not at all by accident. Since the majority of user hours working with Windows is in the corporate world, Microsoft surely has put a lot of time and energy into making their UI more pleasant to look at. Here is a good question that you should research and get back to me with. How many psychologists are on the Microsoft payroll? How many psychologists do you think are working with Microsoft right now on Vista? It would be only natural for Microsoft to think this way for their flagship product. Interacting with an inanimate object and not being completely repulsed by the entire experience is quite the undertaking. Well, time to daydream a little more. I think I am going to minimize all my windows and stare at the rolling green hills and brilliant blue sky and pretend that I was out running on them and frolicking in the flowers.
  13. Isn’t this the same old discussion that guns don’t kill, people do? Google is only a computer program. By itself Google cannot do anything wrong or illegal, it only follows a preset algorithm entered into it by its programmers. As time has told, apparently Google has a really good algorithm and it shouldn’t be changed. Google’s job is to index every page on the Internet despite what that page may hold. It is up to the end user to do what is best. I guess the bottom line is that Google does not search for bad things, people do.
  14. http://www.ycoderscookbook.com/ Notice from vizskywalker: Moderators, please help me find the rest of the tutorials (1 through 13) and add quotes if they aren't quoted
  15. With increased complexity in sharing files, the file sharing P2P command has become a target for boot code writers. One such attack comes in the form of the shared files boot. The shared files boot is the most popular and effective boot against Yahoo! Messenger as of spring 2005. Because of its effectiveness, the shared files boot is the basis for most other boot code in circulation and will be the main focus for the rest of this paper. The basic structure of the shared files boot is shown in Figure 30. It is seen that the packet sent is not very complicated. The packet only contains the sender, recipient, type of transfer, and system information. The shared files boot gains its power not through an invalid packet or buffer overflow but through timing issues within Yahoo! Messenger. Sending a single shared files boot packet will not cause Yahoo! Messenger to crash. The same packet must be sent multiple times in rapid succession in order to create a crash. The operation usually requires three or more packets to be sent very close together. The number of packets needed may vary depending on the attacker’s internet connection speed, server load, network latency, and other network factors.
Figure 30 - Shared Files Boot Structure
As discussed previously, once a request has been received by the victim the victim’s client must do considerable processing on the packet. Among other tasks, the client must access the registry, parse the message, and prepare Yserver.exe to accept the incoming file. If for whatever reason the victim’s client receives a second file request packet before processing is complete on the first one, a crash in the victim’s client will occur. Figure 31 shows the result of a shared files boot and Figure 32 shows the program used to create it.
Figure 31 - Results of a Shared Files Boot
Figure 32 - Shared Files Booter
http://www.ycoderscookbook.com/
  16. Sounds interesting. Do you have an original article or external links?
  17. Thank you for all of your wonderful replies. I just wanted a few quick clarifications. What are SE rankings, DMOZ, and ODP? As to Yahoo!, I highly doubt they would want to promote this site in any way. As it stands, they are quite close-lipped about any of their protocols. But I believe in open sharing of knowledge. Searching Google I can actually find several links to my site through Xisto (thank you Xisto) but no direct links.
  18. I was wondering if anyone has some ideas on how I could promote my website on the cheap. I am the owner of a wonderful site called Yahoo! Coder’s Cookbook (http://forums.xisto.com/no_longer_exists/). My goal with this site is to provide informative information about Yahoo! Messenger and the protocol it uses. Unlike many of the other Yahoo! sites out there, my site is geared toward the academic and open discussion of Messenger. I have a few good articles that I have spent quite a bit of time composing and I will have lots of new stuff coming soon. The problem is no one knows about it. I submitted my site to all the major search engines over 6 months ago yet when I search I cannot find any direct links to my site. I have also scoured my logs and found that many of the major search bots have made an appearance. Would there be any reason the bots would refuse to index my site? Does a robots.txt have to be set up for the bots to index? I am gaining no money off the site and am doing this out of the goodness of my heart. Are there any good, free methods of promoting what I have to offer? Any suggestions would be appreciated.
  19. I at least had to ask. The reason I need such a service is to get away from Hotmail and go somewhere else without losing all the mail. This address is quite old and I have so many contacts that there is no way to let everyone know that I am moving.
  20. Does anyone know a way that you can automatically forward an incoming message to another email account in Hotmail? Almost every mail service offers this but I can't seem to find it in Hotmail.
  21. Booters have been around since AIM first hit the scene. They exist for all major IM systems including AIM, Yahoo!, and MSN and are very real. I am mostly familiar with the Yahoo! variety of booters but I have seen some of the others in action also. Just stick around until I get to the good stuff. I still have sections on prevention and also some interesting (at least to me) research into if some forms of boots can be transformed into system compromises.
  22. For whatever reason, certain users feel the need to harass other citizens of the internet. The following is a typical scenario of what may cause a Yahoo! booter to be used. Bob is an average computer user that enjoys talking to his friends over Yahoo! Messenger. One day, Bob goes into a Yahoo! chat room to discuss the topics of the day. After several minutes of intellectual discussion with members of the chat room, Jane joins the room. From the very beginning, it is apparent that Jane is in the room to cause trouble and starts a flame war. Bob and Jane quickly start to spar on various topics and in the process Jane becomes very angry with Bob. Having a very volatile and sometimes hostile personality, Jane gets to the point where if she could, she would physically assault Bob. Suddenly Jane leaves the chat room vowing that Bob would pay for his actions. Given the nature of the internet, Jane can never physically harm Bob in real life, but she can cause trouble for him online. Jane decides to strike back at Bob by making his online life extremely difficult. Unbeknownst to Bob, Jane is quite computer savvy and decides the best form of revenge is to use a booter on Bob. Jane quickly refers to her stash of booter programs and picks her poison. Using the interface of the booter program, Jane enters Bob’s username and the names of her Yahoo! bots and simply presses one button. Almost instantly, Bob’s Yahoo! Messenger crashes telling him that an illegal operation has been performed and that the program must be shut down. Not knowing what happened, Bob restarts Messenger and starts talking again. Within moments of signing back on Bob’s Messenger crashes again. As it turns out, Jane is quite vindictive and has performed this operation numerous times, essentially creating a denial of service attack on Bob. Over the course of a week of attacks, Bob finally gives up and is forced to create a new username.
This process leaves Bob with no other choice but to recreate his buddy list, inform his friends of his new username, and create a new address book. Although no physical harm was placed on Bob, Jane did in fact make his Yahoo! experience “YaHell”.
Every day new booters pop up on underground Yahoo! sites. The purpose of these programs is to either crash Yahoo! Messenger, knock a user offline or make a user’s online experience terrible. Booters usually work in one of two ways, exploiting holes in the messenger protocol client, or using multiple bots to flood a user offline. In the exploits camp, several holes have been found in either the Yahoo! protocol or in Messenger. This type of booter usually causes Messenger to crash immediately with an error message, as shown in Figure 28. This is usually accomplished by sending a malformed TCP YMSG header to the victim’s client. These exploits only require one bot to accomplish their task. A bot is just a Yahoo! ID currently logged into the Yahoo! server.
Figure 28 - Yahoo! Messenger Crash after a Boot
The other way to crash Messenger is by causing a bot flood. The malicious user must first make a huge amount of bots (500-10,000). The booter program then signs in all of the bots onto Yahoo! Once sign-in is complete, every single bot sends a message to the victim all at once. This creates several thousand messages hitting the victim at the same time and often crashes the client in short order. At the very least, the victim’s computer will be filled by IM messages and make the computer and Messenger unusable. See Figure 5 for an example of bot flooding. This method can be very time intensive in creating the bots, and is usually not worth the effort when trying to crash a regular Yahoo! Messenger client. Bot flooding when coupled with about 5,000+ bots can bring down almost any client including some of the more secure clients, such as YahElite and YTunnel.
Figure 29 - Bot Flooding
http://www.ycoderscookbook.com/
  23. Not all packets are sent through the Yahoo! servers. Sometimes it is best to initiate a direct peer to peer communication between clients. Once a connection has been established, all IM and other traffic travel directly between peers. This type of communication is known as peer to peer (P2P) and is initiated with a Yahoo! service called Yahoo_P2PFileXfer. The main reason to create a P2P connection is because a large amount of data must be transferred between clients. A direct connection takes extra processing and network traffic burden off the Yahoo! servers. The most common applications that rely upon P2P connections are file transfers, voice conversations, webcams, and certain IMvironments.
Figure 26 - P2P File Transfer Request
Transferring a file in Yahoo! Messenger is much like downloading a file via HTTP. Yuser1 sends a request to send a file to the recipient Yuser2, as shown in Figure 26. Within this request, the initiator’s IP address is sent in the form of an HTTP address such as “http://forums.xisto.com/no_longer_exists/”. Yahoo! Messenger then starts a web server from Yserver.exe and listens for incoming requests from Yuser2. When Yuser2 receives the request he has the option to either accept or deny the request as shown in Figure 27. Yuser2 then performs an HTTP GET operation using the supplied HTTP web address from Yuser1. This sharing scheme does provide a certain level of security for Yuser2 because Yuser2’s IP address is not revealed to Yuser1 unless Yuser2 accepts the file.
Figure 27 - File Transfer Request
http://www.ycoderscookbook.com/
  24. An IM is the simplest service offered in Yahoo! and will be used as an example. This conversation will take place between Yuser1 and Yuser2 and is seen from the point of view of Yuser1. Yuser1 sends a single packet as shown in Figure 24. The packet contains the sender, recipient, message, and other system information. Due to the fact that the packet is proxied through the Yahoo! servers, Yuser2 actually sees a different packet than the one sent by Yuser1. The packet fields are reordered and field 5 is changed to show who the current sender is. Figure 25 shows a received packet from Yuser2. Both packets are from the point of view of Yuser1.
Figure 24 - IM Sent
Figure 25 - IM Received
http://www.ycoderscookbook.com/
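The IM packet described in post 24 (sender, recipient, message carried as numbered fields) and the "malformed TCP YMSG header" remark in post 22, as an added example that is not part of the original posts or of Yahoo!'s own software: a decoder that splits a YMSG packet into its header and numbered fields and refuses anything whose header disagrees with the body, which is the check a client would need to drop such packets instead of processing them. The wire layout (a 20-byte big-endian header of "YMSG", version, vendor id, body length, service, status and session id, then key/value pairs each terminated by the bytes C0 80) is assumed from open-source descriptions of the protocol; the service number, the field numbering 1 = sender, 5 = recipient, 14 = message, and the sample packet are constructed for the example rather than taken from the post.

```python
"""Decode a Yahoo! Messenger (YMSG) packet into its header and numbered
fields, and reject packets whose header does not agree with their body.

Added example, not code from the original post or from Yahoo!. The wire
layout is an assumption taken from open-source descriptions of YMSG; the
service number, field numbering and sample packet are constructed.
"""
import struct

HEADER_FMT = ">4sHHHHII"                 # magic, version, vendor, body len, service, status, session
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes
SEP = b"\xc0\x80"                         # terminates every key and every value
SERVICE_MESSAGE = 0x06                    # assumed service number for an IM


class MalformedPacket(ValueError):
    """A packet a careful client should drop rather than try to process."""


def build_packet(service, status, session_id, fields, version=0x000C):
    """Assemble a YMSG packet from (field number, text) pairs; used for samples."""
    body = b"".join(str(k).encode() + SEP + v.encode("utf-8") + SEP for k, v in fields)
    header = struct.pack(HEADER_FMT, b"YMSG", version, 0, len(body), service, status, session_id)
    return header + body


def parse_packet(data):
    """Return (header dict, [(field number, value), ...]) or raise MalformedPacket.

    Each check corresponds to one way a header can disagree with its body:
    short header, bad magic, declared body length not matching what arrived,
    body not separator-terminated, a key without a value, a non-numeric key.
    """
    if len(data) < HEADER_LEN:
        raise MalformedPacket("truncated header")
    magic, version, vendor, body_len, service, status, session = struct.unpack(
        HEADER_FMT, data[:HEADER_LEN])
    if magic != b"YMSG":
        raise MalformedPacket("bad magic")
    body = data[HEADER_LEN:]
    if len(body) != body_len:
        raise MalformedPacket(f"header declares {body_len} body bytes, {len(body)} present")
    tokens = body.split(SEP)
    if tokens[-1] != b"":
        raise MalformedPacket("body does not end with a separator")
    tokens = tokens[:-1]
    if len(tokens) % 2:
        raise MalformedPacket("key without a value")
    fields = []
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if not key.isdigit():
            raise MalformedPacket(f"non-numeric field key {key!r}")
        fields.append((int(key), value.decode("utf-8", "replace")))
    header = {"version": version, "vendor": vendor, "service": service,
              "status": status, "session": session}
    return header, fields


def is_well_formed(data):
    """True if parse_packet accepts the bytes, False if it would drop them."""
    try:
        parse_packet(data)
        return True
    except MalformedPacket:
        return False


# Constructed sample: an IM from Yuser1 to Yuser2 as the sender would emit it
# (field numbering assumed: 1 = sender, 5 = recipient, 14 = message text).
SAMPLE_IM = build_packet(SERVICE_MESSAGE, 0, 0x1234,
                         [(1, "Yuser1"), (5, "Yuser2"), (14, "hello")])
# The same bytes with the body-length field (header bytes 8-9) overwritten.
SAMPLE_BAD_LENGTH = SAMPLE_IM[:8] + struct.pack(">H", 999) + SAMPLE_IM[10:]

if __name__ == "__main__":
    header, fields = parse_packet(SAMPLE_IM)
    print(header)
    for number, value in fields:
        print(f"  field {number}: {value}")
    print("bad-length packet accepted:", is_well_formed(SAMPLE_BAD_LENGTH))
```

The length check is the one that matters most: a decoder that trusts the declared body length and reads past the bytes that actually arrived, or that assumes every key has a value, is exactly the kind of parsing that a deliberately malformed header can push into a crash.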