Recent Posts

Pages: [1] 2 3 ... 10
*Important Announcements* / TEST 1, 2, 3 - YEAR 2019
« Last post by Brock on March 25, 2019, 12:21:56 am »
Windows / Re: Western Digital Ext HDD
« Last post by shadowalk3r on April 13, 2013, 03:08:30 pm »
I have an antique Seagate external drive. I use the the BU program that came with the drive. It allows you to pick which files to backup and to schedule when they occur.
The software that came with your drive is probably similar.
Windows has a backup and restore utility tool.
Windows / Re: Western Digital Ext HDD
« Last post by SomeGuyFromCanada on April 13, 2013, 01:08:59 am »
I am not sure. When I backup my PC. I just copy and paste everything into a folder and name the folder the present date. Then copy it over to my external HDD.

I have an older Western Digital external HDD.
Windows / Western Digital Ext HDD
« Last post by Breaker on April 12, 2013, 06:59:53 pm »
I bought WD 1TB ext HDD and i would like to know which program to use to backup my from from my laptop.. WD provides something called Smartware... Can i go with that one or just copy and paste files to my ext HDD?
Now that Yahoo! chat rooms are disposed of for us non-Japanese users there've been attempts to bring the rooms back by using their own version of Yahoo! Messenger for Japan. This was my first thought when Yahoo! Inc. ridded us of what we once had available to meet new people and interact in rooms. The Y! Japan servers and Messenger client are CRITICALLY VULNERABLE to not just YMSG-based Denial of Service attacks but attacks that can compromise your accounts including your e-mail, address books, and the Messenger login and chat service themselves. Yahoo! Japan is a division of Yahoo! Inc. based in the US but it is much smaller and primarily owned by Softbank, their largest shareholder (next to Yahoo! Inc. of the US). The primary investor still is Softbank, and, while a separate division entirely, their Yahoo! Messenger country-specific version itself and chat network are all based off our American version's counterpart. This shouldn't be surprising to some. Yahoo!'s Japanese Messenger and their own chat communications have always been years behind the United States' version's research and development and due to this they have the exact same security holes in the client software and YMSG chat server software as we still have and once had.

The once had part is why I'm posting this announcement in the first place. Since the Yahoo! Japanese corporation is years behind the US development of the Messenger client and chat servers, and they happen to share the same codebase for everything, they are also vulnerable to past exploitation attack vectors such as YMSG-based Denial of Service/DoS attacks (server-side and client-side), and, more importantly, account compromisation attacks. This means that IF you are running Yahoo! Messenger for Japan or a 3rd party chat client to connect and use their chat servers then you are vulnerable to YEARS FULL OF EXPLOITATION that formerly existed inside the US division's Yahoo! Chat network and Messenger client.

A couple days ago I reported to Y! Japan's security department and their Tier-3 engineers that Critical security holes exist in both their client and chat servers. I'm in the process of working with some engineers to resolve some issues, one of which I discovered back in the summer of 2010. This one particular critical vulnerability alone was introduced clear back in Yahoo! Messenger 6.0 (YMSGv12 protocol) for us US users, which was since patched after the details to it were released to the US engineers in private while Yahoo! Messenger version 11.0 was the current version (yes, it existed that long and nobody even knew). Again, they are separate divisions and having little to no communication between the two divisions is what has allowed this exploitation to be possible once again. With the US division of Yahoo! there are (and were) many, MANY more user's accounts at stake with this. While Yahoo! Japan may seem small it still is an entire country and with more and more non-Japanese users using their chat rooms these days since they took our [US] geographical servers away for chat rooms. There are 2 known ways to steal a user account's cookies from Y! Japan Messenger (newest build and ALL older versions and builds are affected) and I'm in the process of getting them patched, both of which use the same method I discovered while pen-testing YM back in 2010.

Turning off communication from non-buddies is the only way to attempt to *prevent* this attack from being exploited, however, even this isn't invulnerable unless you have no friends at all on your buddy list (contact list). Even then, past exploits could be used to add the attacker's exploit bot to your list and from there you'll once again be vulnerable. It's a lose-lose situation for anybody using Yahoo!'s Japanese Messenger at the moment. If you care about risking your security and privacy then DO NOT use Yahoo! Messenger for Japan until these vulnerabilities are properly patched! I will personally verify that proper patches are in place, as always, and then release the full details to the exploit (possibly to the Full Disclosure mailing list). I actually more or less did this a year ago (released the details) on a certain Yahoo! chat-related forum but it's since been swept away and only a select few individuals know how to perform this attack. Most people only know partial details from rumors they'd heard back when it was unpatched on the US Yahoo! Chat servers. Or, they only know that one way to do it but that's all it takes.

Exploitation Allows for the Following:

- Stealing your main ID, which could directly be linked to your e-mail address at Yahoo! if you have one set up and most users do

- Stealing 4 account cookies, 3 of which are extremely important in the realm of Yahoo!'s portal sites and services (chat, e-mail, calendar, address book, blogs etc)

- Stealing of IP Addresses and even being able to bypass specific proxies (such as HTTP, HTTPS and more) because virtually any TCP port can be used to connect out to the rogue remote location

- Allows downloading of ANYTHING (any file, regardless of size, type, or content) to your hard disk where malformed PNG images may be possible to exploit on the remote machine as well. This downloaded content is placed in the "C:\Program Files (x86)\Yahoo!\Messenger\Cache\Icon" directory by default and written to an extensionless raw flat file (providing an extension afterwards will allow the file to be ran as-is)

- Pidgin and potentially other LibPurple-based clients are also affected! Pidgin will attempt to write a file to "C:\Users\<username>\AppData\Roaming\.purple\icons" with a .png file extension regardless of size or file content type. Linux, Unix and BSD users are not safe from this exploit either as their IP Addresses can be stolen at the very least. My tests have shown that Pidgin is only vulnerable to your IP being stolen stealthily and to targeted YMSG-specific DoS attacks that can crash the client, however, it may be possible to steal the account cookies in older versions of Pidgin and/or other LibPurple dependent clients

- Exploitation is completely STEALTH, behind the scenes, and can steal thousands of accounts in minutes if cleverly designed to do so (up to 1,000 buddies on each contact list is allowed + chat rooms with no captcha codes in Y! Japan to get in the way = a massive amount of available users to exploit). If all chat rooms are hit and each buddy is hit on the victim's friends lists then this can and will amount to a lot of compromised accounts quickly. You can't fully stop this vulnerability from being exploited within the client itself and an attacker can harvest thousands of accounts very easily. Even with blocking non-friends as a solution, if a buddy is affected and compromised then they're already trusted because they're on your friends list to begin with. As a result you can easily be compromised too (as our former Proof-of-Concepts in private testing has shown)

- Server-side message archive retrieval? Only if they were using what their American division's counterpart is doing today. Luckily, for the Yahoo! Japanese chat servers and Messenger users, they are NOT doing this [yet] (again, they are years behind, but in this case it's a GOOD thing!)

- Denial-of-Service to the target user is possible via forcing a flood of HTTP GET requests to be sent out to download extremely large files and done even in parallel (Gigabytes per file). Attacks that are IP-based directly (D/DoS and penetration attempts) are much more probable and severe however

- Using Yahoo! Japan's HTTP proxy option in it's settings, which looks to IE's network settings, does not fix this issue but it does have one positive effect. This changes the YMSG protocol schema to YMSG/HTTP and prevents the 'ymsgr' cookie from being sent. Unfortunately, this does not help much since the 3 other cookies are still sent which include the main 2 which are all that are needed for e-mail and Messenger logins, the 'Y' & 'T' cookies by name

- Both Pidgin and Yahoo! Messenger for Japan allow for alternate ports for HTTP (HTTPS too in the case of Messenger) to make full exploitation more successful and detection harder if capturing packets during the session. Pidgin eats up as much as 1 Meg of memory per second if forced to download a very large file (1 GB and more were tested)

*Trillian was formerly affected too, as were other 3rd party Yahoo! chat clients that are less popular. However, at the moment, Trillian isn't affected because it only connects to the standard US-based Yahoo! chat servers and doesn't yet support Yahoo!'s Japanese servers (or accounts for Y! Japan). If Cerulean Studios adds in support for Yahoo! Japan servers before this vulnerability is patched (very unlikely) then they'll once again be affected since the last patch was only server-side. Given the critical nature of this hole it's extremely improbable that Cerulean will have a new build of Trillian out with Y! Japanese chat server support before this is properly patched*
*Important Announcements* / *Please Read* YTK's Future As FREEWARE & More...
« Last post by Adam X on January 25, 2013, 10:12:26 am »
Brock and I have been extremely busy over the last year and a half with our other jobs and we apologize for the lack of being accessible to you. Some of you have to keep in mind that Yahoo! has been more or less 'dead' for a long time now and YTK was still working well enough to not NEED an update, give or take a bug or two that can be worked around. YTK Pro was launched back in November of 2006 and eventually you just get burnt out on it all.
With Yahoo! Inc. closing down their chat rooms to the non-Japanese it has made Yahoo! Messenger (US version) simply a souped up pager mode tool once again (which is how it started, just not souped up). By the rooms being shut down it's on it's last leg and all that's left are it's capabilities outside of chat (IM's, conferences, games, plug-ins, file transfers etc). Yahoo! took away A LOT and, let's face it, it's been dying for many years. This was the 2nd to last nail in the coffin for Yahoo! Messenger.

Features that were removed -->>

YTK had support for Pingbox and had some nice options while it existed to us (including one which Yahoo! "borrowed" themselves - 'Require the sender to have a Nickname to Message you'). I had other options planned to lock down the domain and the specific webpage where the visitor would message you so you could control whether the messages legitimately came from that URL or not (if no location was supplied then that'd be another option). This never made it into YTK because Pingbox was, more or less, a feature that nobody used much. AOL had this with AIM and not just it but full user-created chat rooms that could be embedded on your website or anywhere you liked. They took these away and their web chat a couple years ago. Why? Who knows, it was a great idea and I personally loved it. Taking away Yahoo! Phone-In & Phone-Out reduces Messenger back to being VoIM instead of true VoIP (the ability to at least call landlines is what VoIP is, optionally mobile phones too). At least their PC to PC Video & Voice calling will still function and it's still free, of course.

Brock and I had made numerous fixes, some changes to certain features, and now, most of that was a waste of time. We realize that it's been 1 year and 10 months (nearly 2 years) since YTK Enhanced has been updated, however, it obviously still functions and does it's job. We're aware of the changes that've occurred since the last public release of YTK and they'll be fixed (most of them already are). YTK still has anti-boot, privacy and security functionality, integration into YM, and a ton of enhancements that are still very much useful. We stopped selling YTK just days after Yahoo! closed down their US chat rooms on the 14th of last month. We'll be cleaning the program up a bit and focusing on it's life as a Pager-Mode and Conferencing tool. Some of the chat room specific features, such as the Multimedia support, is still useful and can be broadcasted to your friends via your status and in conferences.

Over the next several days the main site @ may face some downtime for a bit for maintenance. It WILL be back if this happens. If it does become unavailable then you can still come to this forum using it's direct URL -->> instead of using -->> I've kept up with all that is Yahoo! Messenger (including chat still while it was around for us non-Japanese) and going forward you'll realize that neither Brock or I have lost a step. Anybody that knows about Yahoo! Messenger should know that without YTK they'll always be vulnerable to some nasty stuff, not just harmless boots. YTK has kept thousands of chatters safe and satisfied for over 6 years now and counting. While I'm not saying that we'll be working on YTK, now that it's becoming freeware, as much as we did when it first debuted as paid commercial software (YTK Pro) - I will say that it'll be updated to fix any major bugs, issues, adding some new features if we decide on them, and for compatibility to maintain the plethora of features it's had for over a half decade.

*Note* We're still somewhat considering adding chat room support for using Yahoo!'s Japanese servers (as extremely vulnerable as they are, more on this later). You wouldn't have to use the Y! Japan version of Messenger, if we do this, as it's as simple as switching a few packet type's strings for the locale and pointing to those servers instead of the US-based ones that no longer have chat room entry. The Japanese division of Yahoo!, in many aspects, are YEARS behind on just about everything pertaining to Messenger (and chat rooms). Booters have already been created to drop entire rooms in Yahoo! Japan and there's really nothing that can be done about it, there is no Dual-Mode that is possible with Y! Japan chat servers either (their newest version of Messenger is 9.5.1) as they're still using YMSGv16 as their current protocol. For Dual-Mode to work it required at least YMSGv18 (or v19). Version 102 works fine on Japanese servers though but that's about it, it won't help you against what's out there (stuff that was patched on the US chat servers recently and many YEARS ago).

I'll be posting more on the current Messenger/chat 'scene' and will be posting some useful and interesting information until the next build of YTK is available; which will be 100% FREE, 100% CLEAN of course, and due out SOON! This includes some DO's and DONT's with the current (very dated) public build of YTK Enhanced and other random stuff worth mentioning. Brock and I will keep you UPDATED regularly until it's re-launched as a freeware program. There will be no need for pirated/**** versions of YTK Enhanced anymore and no more registration key codes/licenses to have to worry about either! ;D
VC Sync General Discussion / Re: VC Sync with Yahoo! Messenger Conference
« Last post by Adam X on January 23, 2013, 03:53:11 am »
You're welcome, and yes, I knew this was coming after the rooms closed (to the non-Japanese anyway). Both YTK and VC Sync with voice lag protection enabled will defeat the lagging. VC Sync CE (freeware) has been free since March of 2010 so yeah it'll continue to work with Messenger and 3rd party chat clients that have voice conference support (the ones written in .NET can have incompatibilities but it's fixable in the .NET compiler options).

*Note* The application (Messenger or any other calling application to Yacscom.dll build 50) can be crashed very easily if the DSP Group's TrueSpeech codec isn't installed. The installer (for Vista OS's and newer) is linked to (over at on this forum along with some other information. You'll all want to make sure that you have the TSP codec installed and you're using either YTK or VC Sync's voice lag protection (do NOT use both together, they both do the same thing).
Yahoo! Messenger General Discussion / Re: Change is in the Air: Updates to Yahoo! Messenger Features
« Last post by SomeGuyFromCanada on January 20, 2013, 09:05:19 pm »
Paid chat didn't work well for MSN. Plus MSN was heavily moderated.
I don't know if this is true or not but I heard a rumor that Yahoo is going to be bringing the Chat Rooms back but the system will be more like Paltalk and you will have to pay.
Pages: [1] 2 3 ... 10