Yahoo! Protocol: Part 19 - Conclusion

[tansqrx 0]

Throughout this tutorial the main objectives has been covered. Part 12 describes the exact packet structure generated by the shared files boot. Part 15 shows that it is possible to write a booter from the ground up only using information gathered through a network sniffer. Parts 16-18 shows that a booter performs its work by creating a timing fault that in turn cases the stack to be corrupted and an access violation generated. Part 18 also explores why injection of arbitrary code is not possible using current booter technology. In my closing opinion, I believe that Yahoo! has dodged the bullet for this exploit. This particular exploit has been in existence since mid-2004, and even with auto updates, Yahoo! has failed to fix this problem. If the stack corruption had occurred in any other place it may have been possible to run arbitrary code and a much more serious situation would occur. Program bug removal has always been a large problem for coders, especially with such a large user base as Yahoo! Messenger. There are hundreds if not thousands of rogue users all working against Yahoo! Messenger and the YMSG protocol. The question is not if another booter will expose itself but when. When the next round of booters are released, will random luck cause the program to crash in the program execution path or will it open a new door to run injected code? Only time will tell.