What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! General » discovered a security vulnerability

Pages: (2): « First « 1 [ 2 ] Last »
discovered a security vulnerability
Author: Message:
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
RE: discovered a security vulnerability
It is the users responsibility to secure the logs not that of Messenger Plus! or Windows Live Messneger. Your chat logs are recorded in an unencrypted state by Windows Live Messenger. Messenger Plus! at least allows you to encrypt them.
07-30-2010 08:22 PM
Profile E-Mail PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: discovered a security vulnerability
quote:
Originally posted by allaoua
download the pages of chat logs from other people is still a security hole
Plus! doesn't download the pages of chat logs from other people, at all. The messages come in through Messenger, all logging is done locally.

If you manage to download files from other people's "my documents" folder then those people do indeed have a security problem. A big one. But not one caused by Messenger Plus! It is the user's responsibility to keep his system secure. Plus! chat logs won't be the only sensitive thing stored in the my documents folder.

Good luck on warning the developers of each and every of the many thousands of applications which store private information on the user's my documents folder (where they belong) too.

This post was edited on 07-30-2010 at 08:30 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
07-30-2010 08:29 PM
Profile E-Mail PM Web Find Quote Report
lizard.boy
Veteran Member
*****

Avatar

Posts: 1708
Reputation: 24
34 / Male / Flag
Joined: Mar 2003
RE: discovered a security vulnerability
allaoua, Are you saying there is a security flaw in Microsoft Word? Because when I save my documents it stores them on the local hard drive where any piece of malicious software could access them. The same goes for almost any other application you run on a computer.

If you need to keep your conversation secure, have it face to face in a private place.
07-30-2010 08:32 PM
Profile E-Mail PM Find Quote Report
allaoua
New Member
*


Posts: 6
37 / Male / Flag
Joined: Jul 2010
O.P. RE: discovered a security vulnerability
Mr. Matty is a big mistake to say that the user to protect their data, computer, nothing is left efcape when an application is released in final version, we see the computer user's most igniorant and beast  possible.

For you Mr Menthix
No they are not a security problem, but that's just the principle of Peer to Peer is its architecture is like that, and say it's illegal or not is another matter, but what Messenger Live Plus it makes the sparks that blew everything.
For you Mr lizard.boy :
Is not the same, save it in Microsoft Word is the user's choice because he will choose the site, but Messenger Plus Live is the default save location in acceissible by software Peer to Peer I know you'll tell me that the user can also drag the pages of chat logs to another location, but you have not mentioned it in the help and fewer risks, and the greater part of the user logins do not even know not that there are conversations in their "My Documents", well I have done my duty to tell you what I know and you to see, and if I must contact Microsoft to alert them to a fault I have no hesitation
07-30-2010 08:49 PM
Profile PM Find Quote Report
andrey
elite shoutboxer
****

Avatar

Posts: 795
Reputation: 48
– / Male / Flag
Joined: Aug 2004
RE: discovered a security vulnerability
I think this thread can be summed up with one picture:

[Image: picard-facepalm.jpg]


According to your logic, as far as I understood it, storing documents like chat logs in the "My Documents" folder is a security vulnerability because some people might accidentally share that folder with peer-to-peer applications?  (people still use those? o_0)

Everything you communicate with others via the internet can be logged by the receiver and there's no way Plus! could prevent that.

quote:
Originally posted by allaoua
Messenger Plus Live is the default save location in acceissible by software Peer to Peer
The My Documents folder is the standard location for storing such documents, as proposed by Microsoft.
And, it is indeed not the business of software like Messenger Plus! to check if users have set up their peer-to-peer software correctly.

quote:
Originally posted by allaoua
the greater part of the user logins do not even know not that there are conversations in their "My Documents"
Users get notified about chat logging the first time they use Messenger Plus and have the option to disable/enable it.

To sum up, this can't be fixed by Plus! because the problem exists between keyboard and chair.
[Image: w2kzw8qp-sq2_dz_b_xmas.png]
07-30-2010 09:41 PM
Profile PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
RE: discovered a security vulnerability
quote:
Originally posted by allaoua
if I must contact Microsoft to alert them to a fault I have no hesitation
Would be hilarious to see their response (y).

It would make a lot more sense to alert P2P program developers of the "security vulnerability" of sharing a folder intended for private files by default. But I doubt they'll give you much of a different answer than you get here.

This post was edited on 07-30-2010 at 09:54 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
07-30-2010 09:47 PM
Profile E-Mail PM Web Find Quote Report
Chrono
forum admin
*******

Avatar
;o

Posts: 6023
Reputation: 116
39 / Male / Flag
Joined: Apr 2002
Status: Away
RE: discovered a security vulnerability
oops i guess i should alert hp too, my scanner is sending all the scans to a folder inside My Documents :(. Same for my webcam :( And Matlab, and Skype...
[Image: wdz_discrate.png]
07-30-2010 10:04 PM
Profile PM Web Find Quote Report
Kafman
Full Member
***

Avatar

Posts: 376
Reputation: 24
36 / Male / Flag
Joined: Feb 2004
RE: discovered a security vulnerability
Obvious troll is obvious...

just ignore him... it's retarded that you still argue with this obvious "security expert".
[Image: sig.png]
07-30-2010 10:42 PM
Profile PM Find Quote Report
Chrissy
Senior Member
****

Avatar

Posts: 850
Reputation: 5
29 / Male / Flag
Joined: Nov 2009
RE: discovered a security vulnerability
O.o Another newb. Now there's two of us :zippy:

This post was edited on 07-31-2010 at 02:08 PM by Chrissy.
07-31-2010 02:08 PM
Profile E-Mail PM Web Find Quote Report
matty
Scripting Guru
*****


Posts: 8336
Reputation: 109
39 / Male / Flag
Joined: Dec 2002
Status: Away
RE: discovered a security vulnerability
quote:
Originally posted by allaoua
Mr. Matty is a big mistake to say that the user to protect their data, computer, nothing is left efcape when an application is released in final version, we see the computer user's most igniorant and beast  possible.
Think of this analogy. You drive a car. You leave the car unlocked and the keys in the ignition. Your car is stolen. Who's fault is that? The manufacturer of the vehicle? No it is the responsibility of the owner.

Same goes for your electronic chat logs. In this case the car represents the chat logs, the car being unlocked is weather or not you encrypt your logs and the key in the ignition is the P2P software.
Your chat logs get stolen and your chat logs are read it isn't the responsibility of Plus! it is your own.

Data security isn't up to the developer. You choose to install what you want. It is your responsibility to protect your data.

Get a life and stop trying to act like a big shot. There isn't a security vulnerability if the user is stupid enough to not share HTML files it is their own fault. And what P2P app shares HTML files anyways?

This post was edited on 08-02-2010 at 03:10 PM by matty.
07-31-2010 03:41 PM
Profile E-Mail PM Find Quote Report
Pages: (2): « First « 1 [ 2 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On