You are here: silicon.com > Software > Operating Systems

Operating Systems

Yahoo's IM software a hacker's dream

Get your patch here...

Printer Friendly Email Story RSS

By Graham Hayday

Published: 29 May 2002 08:00 GMT

The latest version of Yahoo's instant messenger software (YIM) contains a series of holes which could allow a hacker to take over a user's PC.

The vulnerabilities in the software, which is used by up to 60 million people, allow the unauthorised execution of programs on a YIM user's machine via buffer overflows or injections of Java or Visual Basic script in the instant messenger content tabs.

Security specialist Phuong Nguyen, of security firm Vice Consulting, is quoted as saying: "The net impact is to allow a relatively simple opportunity to hijack users' YIM client outright, and use it to attack or intrude into YIM users' supposedly private information systems."

A malicious hacker could get hold of a user's ID and password and send it to an email address or internet URL.

Malicious code could be buried in HTML pages or emails with text or images which encourage YIM users to click on them.

Yahoo has already released a patch (http://messenger.yahoo.com ), but this will temporarily restrict the functionality of the software until the company secures the full version.

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Sun to build Yahoo! into enterprise portals

'And Yahoo! must score...'

That's your lot - Yahoo! pulls European auctions

Flaw means Hotmail and Yahoo Mail users vulnerable

Yahoo issues Messenger fix

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

for IT White Papers Newsletter

Nick Heath Your top HR tech priorities for next year revealed How to make human resources IT work for you

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Outsourcing: CIOs' tips on getting it right

Google's Eric Schmidt on search, Android and all things Wave

Revealed: Your favourite Windows operating system

Maemo and Android: Symbian's open source rivals up the pressure

Open source? No good for cost cutting, say CIOs


  • Jobs
Product Manager, Surrey

Helping to negotiate pricing, distribution rights, branding etc with new suppliers - Creating and managing product collaterals – packaging, ...

BI Test Script

Large Energy Corporation looking for a BI Test Script Writer to work in Crawley. Role Requirements * Writing SAP BW technical product test scripts ...

Alterian Systems Engineer Bristol to 45k

Manage implementation issues *Produce relevant types of document required to support Alterian solutions *Build & implement new Alterian systems ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

JD Edwards Spotlight Video

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Anti-ageism legislation isn't working, say IT pros

Leaked report reveals billions in budget cuts for public sector IT

Mini laptops, codebreaking, Wikipedia and why there's no 'British Google'

Recession fuels fears of UK jobs being sent offshore

eBay app lets users bid from a BlackBerry

ID card database: 500 names added in first month




Quick Sitemap Links: