Could it be harm in anyway?! - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: Could it be harm in anyway?! (/showthread.php?tid=83632)
Could it be harm in anyway?! by Pink on 05-09-2008 at 07:35 PM
Hi...umm it might be a stupid question...but I'm curious
Is it possible that someone you talk to by the calling option or the video call or even accept their webcam can hack your laptop or spy or get viruses...or is it only by sending files?
Thanks
RE: Could it be harm in anyway?! by Spunky on 05-09-2008 at 11:00 PM
It's only by RUNNING files sent to you.
RE: RE: Could it be harm in anyway?! by bigb88 on 05-09-2008 at 11:21 PM
quote: Originally posted by SpunkyLoveMuff
It's only by RUNNING files sent to you.
even then most of the av's will have the info on it and pick it up as a hackintool or virus/trojan so but ya
RE: RE: Could it be harm in anyway?! by Pink on 05-09-2008 at 11:46 PM
quote: Originally posted by SpunkyLoveMuff
It's only by RUNNING files sent to you.
Thank you very much for answering ^^
quote: Originally posted by bigb88
quote: Originally posted by SpunkyLoveMuff
It's only by RUNNING files sent to you.
even then most of the av's will have the info on it and pick it up as a hackintool or virus/trojan so but ya
you mean even if the file hasn't been open
RE: Could it be harm in anyway?! by Th3rmal on 05-10-2008 at 12:14 AM
quote: Originally posted by Pink
quote: Originally posted by bigb88
quote: Originally posted by SpunkyLoveMuff
It's only by RUNNING files sent to you.
even then most of the av's will have the info on it and pick it up as a hackintool or virus/trojan so but ya
you mean even if the file hasn't been open
yes, most AV's scan incoming files and will tell you if it is dangerous.
Please edit your previous post instead of double posting
RE: RE: Could it be harm in anyway?! by Pink on 05-10-2008 at 12:18 AM
quote: Originally posted by Th3rmal
quote: Originally posted by Pink
quote: Originally posted by bigb88
quote: Originally posted by SpunkyLoveMuff
It's only by RUNNING files sent to you.
even then most of the av's will have the info on it and pick it up as a hackintool or virus/trojan so but ya
you mean even if the file hasn't been open
yes, most AV's scan incoming files and will tell you if it is dangerous.
Please edit your previous post instead of double posting
^
^
ooops sorry about that
and thanks
RE: Could it be harm in anyway?! by ahmetgns on 05-10-2008 at 05:39 AM
quote: Originally posted by Pink
Hi...umm it might be a stupid question...but I'm curious
Is it possible that someone you talk to by the calling option or the video call or even accept their webcam can hack your laptop or spy or get viruses...or is it only by sending files?
Thanks
In fact, after realizing that video call invitations have a security flaw, signing in using MSN Messenger 7.5 and Windows Live Messenger 8.0 has been prohibited by Microsoft and users have been forced to upgrade to 8.1+. You can read here and here
RE: RE: Could it be harm in anyway?! by Pink on 05-10-2008 at 10:03 AM
quote: Originally posted by ahmetgns
quote: Originally posted by Pink
Hi...umm it might be a stupid question...but I'm curious
Is it possible that someone you talk to by the calling option or the video call or even accept their webcam can hack your laptop or spy or get viruses...or is it only by sending files?
Thanks
In fact, after realizing that video call invitations have a security flaw, signing in using MSN Messenger 7.5 and Windows Live Messenger 8.0 has been prohibited by Microsoft and users have been forced to upgrade to 8.1+. You can read here and here
Thanks for the links
RE: Could it be harm in anyway?! by Farha on 05-23-2008 at 04:38 AM
so just to make things clear- if i use messenger 7.5 or 8 , then my video calls can be hacked? and something else - if the hackers can manage to hack into 8 wont they hack into 8.1 soon as well?? and the other latest versions too..
RE: Could it be harm in anyway?! by Spunky on 05-23-2008 at 04:40 AM
quote: Originally posted by Farha
so just to make things clear- if i use messenger 7.5 or 8 , then my video calls can be hacked? and something else - if the hackers can manage to hack into 8 wont they hack into 8.1 soon as well?? and the other latest versions too..
8.0 had a security flaw which has been fixed in the proceeding updates. It is now safe to use the video call function, unless more flaws are found
RE: Could it be harm in anyway?! by CookieRevised on 05-23-2008 at 08:40 AM
To take things in a bit of perspective:
Such flaws have never been misued to hack someone. They are possible security issues and many of them are even theoretical security issues (they could be used in theory, but never are in practice). 99.99% of them are found before anyone has been able to abuse them, if they even were possible to be used in that manner in practice. This is a very important note to take (especially for paranoids) when it comes down to heap buffer overrun flaws (which are what those security issues were). For more info on such buffer overrun issues see some very technical sites and papers. The important thing to remember is that those are possible in theory, but in practice it seldom works and it would be more "luck" than anything else; though they are considered more dangerous than stack buffer overruns (the later are very common actually in many programs).
PS: the only known virus which was somewhat succesfully in exploiting such a heap buffer overrun existed in 2002, afaik.
So, many of those issues are extremely hard to abuse and you need an extremely good programming knowledge and knowledge of the issue in order to even be able to, very maybe, abuse it in practice, and it would in practice only work in very specific situations and conditions. And the people who would be able to do this, are not going to bother to hack you, they probably have more interest in other things.
Remember that 99% of all virusses (especially the onces you could encounter in Messenger) are made by so called "script-kiddies", people who only have a very limited basic knowledge of what they are doing, and they usually do it in a basic programming language or even a script language more by copy-pasting code than actually programming.
Also, the chance that some real hacker will hack you is extremely small. Usually hackers do not hack one individual, they simply scan thousands of computers at random to find some weakness.
As for Messenger, it is not because version X has a flaw that the next update will have that flaw also. That is why it is extremely important to always install updates (goes for _any_ software, including Windows itself) and why it is very important to always mention the full complete version number. For example, there have been like 10 different "Messenger 8" versions. However there only was one Messenger 8.0.0812.
Don't worry about such things too much as long as you make sure you always have the latest version. And never execute a file which you recieve from someone in Messenger or by email, unless you know for sure that the file is safe and unless you expected the file.
Today the latest Messenger versions which can still be used, on Windows, are:
- Windows Messenger 5.1.0706 (for XP only)
do not confuse this with Windows Live Messenger... (and this shows the importance of version numbers and especially naming the things by their proper real name
- MSN Messenger 5.0.0575 (for Windows 95)
- MSN Messenger 7.0.0820 (for Windows 2000, 98, 98SE, ME and XP)
- Windows Live Messenger 8.1.0178 (for Windows Server 2003, XP and Vista) edit: depricted
- Windows Live Messenger 8.5.1302.1018 (for Windows XP and Vista) edit: depricted
Thus, for example, MSN Messenger 7.5 and Windows Live Messenger 8.0 to 8.5 have been dropped and can not be used anymore. They have been dropped because of such buffer overun issues/bugs. If you once used them, you must update to the latest version.
The latest version of Windows Live Messenger can be found here: http://messenger.live.com/
Also read:
http://messengersays.spaces.live.com/blog/cns!5B4...30829E!29791.entry
http://www.microsoft.com/technet/security/bulletin/ms07-054.mspx
which talks about that specific Webcam security issue.
To answer your original question: There were possible security issues where someone could execute some remote code on your computer by initiating a video chat. This means they did _not_ need to send you any files, like it was suggested a couple of times in this thread! However, as I also said before, 99% of all 'virusses' are spread by contacts sending files though (knowingly or unknowningly). So don't accept anything, and especially don't execute anything unless you know absolutely it is safe. If you have the slightest doubt, don't execute the files.
RE: Could it be harm in anyway?! by RaceProUK on 05-23-2008 at 07:22 PM
quote: Originally posted by CookieRevised
Such flaws have never been misued to hack someone. They are possible security issues and many of them are even theoretical security issues (they could be used in theory, but never are in practice). 99.99% of them are found before anyone has been able to abuse them, if they even were possible to be used in that manner in practice. This is a very important note to take (especially for paranoids) when it comes down to heap buffer overrun flaws (which are what those security issues were). For more info on such buffer overrun issues see some very technical sites and papers. The important thing to remember is that those are possible in theory, but in practice it seldom works and it would be more "luck" than anything else; though they are considered more dangerous than stack buffer overruns (the later are very common actually in many programs).
I would have thought the reliability of a stack buffer overflow would make them more dangerous? Then again, I've never heard of a heap buffer overflow exploit before.
RE: Could it be harm in anyway?! by Pink on 05-27-2008 at 10:28 PM
Thanks alot guys for all the info ^^ and links
|