Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Security concerns put MSN Messenger beta on hold

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Security concerns put MSN Messenger beta on hold
Date: Sat, 9 Oct 2004 04:02:58 -0500 (CDT) 
http://www.computerworld.com/securitytopics/security/story/0,10801,96475,00.html

By Joris Evers
OCTOBER 07, 2004
IDG NEWS SERVICE

Microsoft Corp. has suspended the beta testing of the next version of
its MSN Messenger client because of a potential security problem, a
company spokeswoman said yesterday.

Testers discovered a potential security issue in the early version of
MSN Messenger 7 shortly after Microsoft made the instant messaging
client available to a select group of testers over the weekend,
according to postings on MSN Messenger enthusiast Web site Mess.be.

The problem lies in a new MSN Messenger feature dubbed "winks" that
allows users to send each other sound animations. The feature can be
abused to overwhelm a user's system, according to Mess.be.

The company has decided to put the test on hold and pull the software
while it looks into the issue. It will make available a new version of
the client, one without the winks feature, probably some time next
week, the spokeswoman said.

The test version of MSN Messenger 7 was designed to only allow
approved animations to be sent. However, Microsoft is investigating
the possibility that the feature may be exploited to send "rogue winks
that could cause security issues," the spokeswoman said. Although
winks will no longer be in this test version of MSN Messenger,
Microsoft still plans to include the feature in the final version of
the product, she said.

It is unclear how many people downloaded the potentially vulnerable
version of MSN Messenger. The software had not officially been
released to testers and only a small group of people was given access
to the download, according to Microsoft. However, the potentially
vulnerable instant messaging client has popped up elsewhere on the
Web.

Microsoft announced the limited beta of MSN Messenger 7 last week. The
test is a significant step in the release process for MSN Messenger,
which has 135 million active users per month. Microsoft hopes to
release a final version of the software in the first quarter of 2005,
after a public beta test scheduled for later this year.

While Microsoft's MSN group has pulled one trial version of its
products, another is back. The company on Monday quietly launched a
second "technology preview" of its upcoming Internet search engine,
MSN Search. The first preview went online in early July with an index
of 1 billion Web pages and was taken offline in August. The second
preview is similar, but Microsoft has now indexed 5 billion Web pages,
the spokeswoman said.

In addition to the larger index, MSN Search has been improved to
provide more relevant search results, the spokeswoman said. The
service also offers results from more Internet domains, as well as
spelling correction and cached pages, she said. The launch of the
final version of the MSN Search product, Microsoft's answer to Google
Inc.'s search success, is expected later this year or early next year.  
The MSN Search preview page is available at
http://techpreview.search.msn.com/.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Security concerns put MSN Messenger beta on hold, InfoSec News <=
Previous by Date:  [ISN] Linux Advisory Watch - October 8th 2004, InfoSec News
Next by Date:  [ISN] Microsoft Probes Flaw in ASP.NET, InfoSec News
Previous by Thread:  [ISN] Linux Advisory Watch - October 8th 2004, InfoSec News
Next by Thread:  [ISN] Microsoft Probes Flaw in ASP.NET, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]