What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Is this issue caused by plus?

Pages: (6): « First « 1 2 3 [ 4 ] 5 6 » Last »
Is this issue caused by plus?
Author: Message:
Spunky
Former Super Mod
*****

Avatar

Posts: 3658
Reputation: 61
35 / Male / Flag
Joined: Aug 2006
RE: Is this issue caused by plus?
quote:
Originally posted by kabso 5
They should disable file transfer as well then

File transfers need to be accepted, then the file needs to be run before any damage is done. This is not the case the with the natural instinct to just click on links that are sent to you over WLM
<Eljay> "Problems encountered: shit blew up" :zippy:
11-18-2010 10:19 PM
Profile PM Find Quote Report
kabso 5
Full Member
***

Avatar

Posts: 137
– / Male / Flag
Joined: Oct 2007
O.P. RE: RE: Is this issue caused by plus?
quote:
Originally posted by Spunky
quote:
Originally posted by kabso 5
They should disable file transfer as well then

File transfers need to be accepted, then the file needs to be run before any damage is done. This is not the case the with the natural instinct to just click on links that are sent to you over WLM

Yeah. but file transfer is still dangerous, Its even more dangerous than hotlinks lol

people just accept the file just like they just click the link

Well, it should be the same in my opinion and don't  open any link from any contact that you don't trust and do not accept file transfer from them too.

At least allow links that contain youtube.com google.com /vb/ /forum/.jpg /gif

and about the script how its going to cause any problem, it will be marked so you can click or type, and If you typed, the link will disappear..

anyway, I like the idea of a shortcut key to open the last URL posted in the convo, but I guess it'll make the computer slow because the script will have to search the convo for it and I sometimes talk for hours so it would be a huge convo

Hope we'll see this script soon.
they said that they will still be upgrading WLM 2009 and WLM 2011 and updating their features so is the Plus5! will work in both 09 and 11?

8-)
11-19-2010 07:29 AM
Profile E-Mail PM Find Quote Report
Spunky
Former Super Mod
*****

Avatar

Posts: 3658
Reputation: 61
35 / Male / Flag
Joined: Aug 2006
RE: Is this issue caused by plus?
quote:
Originally posted by kabso 5
At least allow links that contain youtube.com google.com

http://mydomain.com/youtube.com/virus.exe

Can be too easily exploited.

As I said, even if you accept a file transfer without thinking, you still need to open it. You usually also need to confirm a message box that appears with EXE files downloaded from other people or websites. Then your antivirus might make objections about the file when you try to run it.

Most importantly, bots and scripts cannot initiate file transfers, meaning the file HAS to be coming from your contact. If it's a virus, they obviously don't like you very much, or don't know about it themselves. Links can be sent by any script that can send messages over the MSN protocol.



EDIT:

quote:
Originally posted by kabso 5
anyway, I like the idea of a shortcut key to open the last URL posted in the convo, but I guess it'll make the computer slow because the script will have to search the convo for it and I sometimes talk for hours so it would be a huge convo

The script would save the URL to a variable when it is received. You wouldn't have to search through anything.



EDIT2:

Because I can't update the FindLinks script (I'm on WLM 2011), I've made a lite version that can open the last link received. It then shows a confirmation box with the url, the contact that sent it and the browser it will open in. These confirmations can be turned off at the moment by changing a variable at the top of the script. I couldn't test this as I wrote it as scripts aren't accessing the chat windows properly yet in 2011. If there are any problems let me know (Y)



EDIT3:

Command is /lurl btw


.plsc File Attachment: LinkFixWLM2009.plsc (1.34 KB)
This file has been downloaded 149 time(s).

This post was edited on 11-19-2010 at 02:37 PM by Spunky.
<Eljay> "Problems encountered: shit blew up" :zippy:
11-19-2010 08:55 AM
Profile PM Find Quote Report
V@no
Full Member
***

Avatar
sexy

Posts: 162
Joined: Mar 2004
RE: RE: Is this issue caused by plus?
quote:
Originally posted by Spunky
quote:
Originally posted by kabso 5
At least allow links that contain youtube.com google.com

http://mydomain.com/youtube.com/virus.exe

Can be too easily exploited.

As I said, even if you accept a file transfer without thinking, you still need to open it. You usually also need to confirm a message box that appears with EXE files downloaded from other people or websites. Then your antivirus might make objections about the file when you try to run it.

Most importantly, bots and scripts cannot initiate file transfers, meaning the file HAS to be coming from your contact. If it's a virus, they obviously don't like you very much, or don't know about it themselves. Links can be sent by any script that can send messages over the MSN protocol.

From MS side, not client side! Do you really believe that people who see such security popups all the time (poor vista users) actually pay attention to them and not automatically clicking accept? really??? When you see someone sends you a file do you go on 10 minutes discussion about the file before you decide to accept and what do you do when you receive it? going through virustotal.com to make sure it's clean? - I doubt it. This argument is so weak...

And besides, since we already established that the links generated on MS server side, your example of spoof would not work, because program that parses the link would see that it's not youtube. So allowing common/safe websites pass through is a simple solution and would not rise up hell as current solution.

P.S.
several times I've received invalid youtube links since this nonsense started because MS replaced some characters in the url with * - now, this is unacceptable BS!


[EDIT]
Just noticed your script, thank you it is better then nothing. Will test it later though.
Here is another idea for these who's willing to help: A float window (or attached to the chat windows, or accessible via hotkey, whatever) that would show list of links from conversation. I see it as if it would only scan incoming messages and add links to it's own array as more become available. It could be individual list per conversation or one list with identifications from whom a link received.

This post was edited on 11-19-2010 at 01:29 PM by V@no.
11-19-2010 01:21 PM
Profile PM Find Quote Report
footose
New Member
*


Posts: 2
Joined: Nov 2010
RE: Is this issue caused by plus?
I downloaded wireshark and started searching for packets when you login to MSN Messenger.

It looks like there is a "policy" packet that is fired to MSN when you first login and it has contained in it what I believe the source of the issue is.

[Image: msn_packet.jpg]

Unless you go to the trouble of intercepting this packet and changing what it says before it hits the software, I'm not sure there is much we can do. There might be a way to hex edit MSN itself to always make this "enabled" - but again, might not be worth the effort.
BINGO. :D

[Image: msn_bingo.jpg]
11-19-2010 04:59 PM
Profile E-Mail PM Find Quote Report
Thor
Veteran Member
*****

Avatar
Awwwwwwww.

Posts: 1118
Reputation: 42
31 / – / Flag
Joined: May 2006
RE: Is this issue caused by plus?
quote:
Originally posted by footose
I downloaded wireshark and started searching for packets when you login to MSN Messenger.

It looks like there is a "policy" packet that is fired to MSN when you first login and it has contained in it what I believe the source of the issue is.

[Image: msn_packet.jpg]

Unless you go to the trouble of intercepting this packet and changing what it says before it hits the software, I'm not sure there is much we can do. There might be a way to hex edit MSN itself to always make this "enabled" - but again, might not be worth the effort.
Interesting. I wonder what other policy settings that are available to Microsoft's disposal.
:plus4: Translation guidelines for Messenger Plus! Live
I'm no longer around this town, but I miss the community dearly. You can always find me lurking in #banana, or at
nitrolinken.net.
11-19-2010 06:05 PM
Profile PM Web Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15519
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: RE: Is this issue caused by plus?
*sigh*

quote:
Originally posted by kabso 5
Well, it should be the same in my opinion and don't  open any link from any contact that you don't trust and do not accept file transfer from them too.
That thought process should be the same, but the reality is that it is certainly not the same for most people. Also, the possible protection methods are not the same. Each feature has its own specific problems and thus needs its own specific solution.

quote:
Originally posted by kabso 5
At least allow links that contain youtube.com google.com /vb/ /forum/.jpg /gif
As said, that would solve absolutely nothing, not in the slightest way.

Second, you are still seriously forgetting that MS can NOT magically make new features and let them materialize out of thin air on your PC. However, disabling the hotlinking is something they can control remotely, without the need for you to update and installing anything new. Anything else you ask for are full fledged features which does require at least a forced update (and which you probably will complain about too). And you seem to still forget that most WLM users are people who are not tech savy, much younger, behave in a different way accordingly, and use WLM differently.

quote:
Originally posted by kabso 5
and about the script how its going to cause any problem, it will be marked so you can click or type, and If you typed, the link will disappear..
So each time you are typing something, everything will be removed because the contact happened to send you a link? I'm afraid what you suggested isn't going to work and will be even more annoyingly than what it is suppose to fix.

quote:
Originally posted by kabso 5
anyway, I like the idea of a shortcut key to open the last URL posted in the convo, but I guess it'll make the computer slow because the script will have to search the convo for it and I sometimes talk for hours so it would be a huge convo
Even with your proposed method (copying it in the typing area) the script needs to 'search' for the link in each send message too, there is absolutely no difference. The length of the convo doesn't matter either.

But this said, this searching is instant. In fact, the script would need to do quite a lot more when it was created to copying the links in the typing area. Simply grabbing the last received url and making it available for opening in a browser by a shortcut is only a matter of milliseconds and a very few lines of code.

quote:
Originally posted by kabso 5
they said that they will still be upgrading WLM 2009 and WLM 2011 and updating their features so is the Plus5! will work in both 09 and 11?
yep, of course, why wouldn't it? You can read all about it in the proper threads.

----------------------------------------------

quote:
Originally posted by V@no
Do you really believe that people who see such security popups all the time (poor vista users) actually pay attention to them and not automatically clicking accept? really??? When you see someone sends you a file do you go on 10 minutes discussion about the file before you decide to accept and what do you do when you receive it? going through virustotal.com to make sure it's clean? - I doubt it. This argument is so weak...
Errr... you just provided the reason why MS took the decision to disable hotlinking...

quote:
Originally posted by V@no
And besides, since we already established that the links generated on MS server side, your example of spoof would not work, because program that parses the link would see that it's not youtube. So allowing common/safe websites pass through is a simple solution and would not rise up hell as current solution.
Quite wrong though. That is not a simple solution at all because there is no way to see if a link is good or malicious; a link can look ok, but in fact point to malicious data. That's the whole point of the complete disabling of links... But you aren't seriously suggesting for the MS's servers to download each and every link they come across to check if they file is safe or not prior to sending it to your contact do you??? That would take ages in that case and file transfers would become virtualy useless. Not to mention the problems it can bring with false positives and the massive temporary storage needed and the rediculus amount of processing power needed for all the milions of transfers each day.

PS: But Spunky was replying to kabso's suggestion to allow links which contain stuff like "youtube.com" (kabso's own words). Of course Spunky knows that www.something.com/youtube.com/virus.exe is not a real youtube link, but such a link is what kabso suggested (it contains youtube.com, but it can be malicious though).

Either way, links are not checked by Microsoft, all they did (and all they could do without forcing you to do an update (weeks later after the facts no less)) was disabling the hotlinking in conversations.

quote:
Originally posted by V@no
P.S.
several times I've received invalid youtube links since this nonsense started because MS replaced some characters in the url with * - now, this is unacceptable BS!
There is no reason why they would do that, and this is also the very first thing I hear about that and I'm closely following this whole issue, but maybe I'm missing something here...

quote:
Originally posted by V@no
Here is another idea for these who's willing to help: A float window (or attached to the chat windows, or accessible via hotkey, whatever) that would show list of links from conversation.
Have you read Spunky's second post in this thread? He already gave the link to an existing script which does that.

----------------------------------------------

quote:
Originally posted by Thor
Interesting. I wonder what other policy settings that are available to Microsoft's disposal.
winks, file transfer, display pictures, dynamic backgrounds, photo sharing, phone, voiceim, voicemail, plugins, camera, audio, sharing folders, signature sounds, location PSM, ... to name most of them, maybe with a few exceptions.

----------------------------------------------

Don't get me wrong people. Yes, at times I find it annoying too that they are disabled. But you may not forget that the average user is not someone with a very big knowledge about security and what not. So, yes, they do need protection from themselfs in this particular situation. Also, a lot of your rants are based on assumptions, nothing more. The truth is quite often completely different.

Bottom line is that this protection IS the only thing they could have done and it is a very sensible one which hasn't been taken lightly for that matter. In fact, they even did you a favor by not forcing you to upgrade to WLM 2011 or providing you with a forced update for WLM 2009 (which wouldn't be possible to make so quickly anyways <- another thing sometimes forgotten).

So, yes it is annoying, and yes MS sometimes do stupid stuff (imho)... but in this case, taking in account the limitations they have, the severity of the threat, and the average WLM user, I fully support this decision, in all of its aspects.


----------

PS: footose, can you resize your wireshark screenshots a bit? They are screwing up the thread layout. ;)

This post was edited on 11-21-2010 at 02:47 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
11-19-2010 07:50 PM
Profile PM Find Quote Report
footose
New Member
*


Posts: 2
Joined: Nov 2010
RE: Is this issue caused by plus?
np :)

posting a how-to right now.
enjoy. re-enable links in messenger

http://www.generationmediagroup.com/blog/re-enabl...s-in-messenger-09/

:)
11-19-2010 08:48 PM
Profile E-Mail PM Find Quote Report
V@no
Full Member
***

Avatar
sexy

Posts: 162
Joined: Mar 2004
RE: RE: Is this issue caused by plus?
quote:
Originally posted by footose
enjoy. re-enable links in messenger

http://www.generationmediagroup.com/blog/re-enabl...s-in-messenger-09/

:)

:banana:
Works great, thank you!
11-20-2010 12:18 AM
Profile PM Find Quote Report
babygrl22
New Member
*


Posts: 3
– / Female / Flag
Joined: Nov 2010
RE: Is this issue caused by plus?
ohhh so that's why links don't show up hahha...i thought that it was something wrong with my laptop xD or my WLM :P thnx
11-20-2010 04:00 AM
Profile E-Mail PM Find Quote Report
Pages: (6): « First « 1 2 3 [ 4 ] 5 6 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On