Alternatively, an HTTP route is available for clients behind a well-secured firewall, with HTTP requests being used to upload messages from the client, while downloading all messages which have accumulated on the server since the last request. Other ports may be used if this port is blocked. The YMSG protocol communicates between the client application, and a server, using a TCP/IP connection on port 5050 by default. Therefore, while it is difficult for an attacker to seize control of a Yahoo! IM account, it is quite easy for them to read all messages sent to and from the account holder, along with other details such as the list of friends, if the attacker has control of one of the computers through which the data is routed. YMSG uses a binary format in which the text portions of the data are transmitted in plain view. With the exception of the login authentication details, data sent over a YMSG connection is not encrypted. But some time around 2000 or 2001, Yahoo! upgraded its service to introduce a random element to each login attempt, defeating any further potential for replay attacks.
#ADIUM YAHOO MESSENGER PASSWORD#
This allowed any attacker who witnesses the transmission to merely reproduce the message verbatim in order to successfully log in, without actually needing to know the original password (or other details) which generated it. Originally the YMSG login procedure suffered from a security flaw known as a replay attack, in which a given password (or other authentication information) is always identically scrambled when sent across the network. However, because HTTP has no inherent sense of a persistent connection, Yahoo! instead relies on the client frequently contacting the server in order to approximate the sense of a connection required to give each user presence on the IM network.
#ADIUM YAHOO MESSENGER SOFTWARE#
In order for each user to remain 'visible' to other users on the service, and thereby signaling their availability, their Yahoo! IM client software must maintain a functional, open, network connection linking the client to Yahoo!'s IM servers.Īs some organizations block communication on the port used by Yahoo! IM, either because they choose to whitelist certain types of internet usage (only web surfing and email, for example) or because they seek to blacklist instant messaging services, Yahoo! provides an alternative route for connecting to their service which mimics the HTTP protocol used by the World Wide Web. The YMSG protocol uses the mechanics of a standard internet connection to achieve presence-the same connection it uses to send and receive data. One of the fundamental tenets of instant messaging is the notion that users can see when someone is connected to the network-known in the industry as 'presence'. Rival messaging services have their own protocols, some based on open standards, others proprietary, each effectively fulfilling the same role with different mechanics. Unlike HTTP, however, YMSG is a proprietary protocol, a closed standard aligned only with the Yahoo! messaging service. In essence, YMSG performs the same role for Yahoo!'s IM as HTTP does for the World Wide Web.
#ADIUM YAHOO MESSENGER SERIES#
The YMSG protocol provides a language and series of conventions for software communicating with Yahoo!'s Instant Messaging service.
0 kommentar(er)
