News


June 12, 2002
Microsoft Warns Again on MSN Chat Flaw


Users of Microsoft Corp.'s MSN Messenger, Exchange Messenger and MSN Chat software who applied a security patch last May for current versions of those packages are not safe if they have installed previous versions of the software after applying the patch.

In a security bulletin, Microsoft said the May patch works fine. But a new set of fixes is being released to ensure that systems are fully protected against the reintroduction of the vulnerable control, which happens when older versions of the software are used. A new MSN Chat control, updated patch, updated version of MSN Messenger and an updated version of Exchange Instant Messenger have been made available.

Customers who applied any of the May fixes, though, are being encouraged by Microsoft to consider applying the updated fixes.

The flaw lets malicious hackers effectively take control of a user's system -- a situation Microsoft says is "high" in severity. A user would have MSN Chat on her computer from either a direct download of the program from an MSN Chat site, or through inclusion with Microsoft's MSN Messenger and Exchange Instant Messenger.

The susceptibility comes from an unchecked buffer in the code that handles the input of a parameter in the MSN Chat control. By invoking this parameter in a specific manner, an attacker could overflow the buffer and gain the ability to run code in the user's security context.

Since the MSN Chat control runs in the security context of the user, the program would be able to take any actions that the legitimate user was capable of taking, including the adding or deleting of data or configuration information.

The buffer overflow can be initiated via e-mail, a Web page, or any other method where Internet Explorer is used to display HTML. If an attacker successfully enticed the user to visit his site, the control would be invoked once the Web page had loaded. If the page is sent as an HTML-based e-mail, the control would be invoked when the page renders either by opening the mail or through a preview pane.

Microsoft is quick to point out that the vulnerability does not affect IM technologies. MSN Chat is different from MSN Messenger, Windows Messenger or Exchange Instant Messenger in that those technologies are peer-to-peer messaging products and allow users to talk directly with each other. MSN Chat, meantime, is an ActiveX control that allows groups of users to gather in a single, virtual location online to engage in text messaging. While users of IM technologies log on to a directory server to announce their availability, there are no "rooms" as in MSN Chat and users exchange messages directly with one another.

Also today, Microsoft issued a workaround bulletin for an Internet Explorer Web browser security flaw found last week by Finnish computer-security company Online Solutions Oy.

According to the firm, IE is vulnerable to attack through its built-in gopher client. The attacker could exploit a buffer overflow bug to run arbitrary code on various IE versions, including 5.5 and 6.0. A malicious hacker could use the fault to take control of a user's computer.

Any attack could be launched via a Web page or an HTML mail message that would redirect a user to a malicious gopher server. At that point, according to the Online Solutions Oy's advisory, "the exploiter could do anything that a regular user could do on the system: retrieve, install, or remove files, upload and run programs, etc."

Patches for the flaw are under development and will be posted as soon as they are completed, Microsoft said. The specific workaround can be found in the "frequently asked questions" section of the workaround bulletin.

 

Henpeck worm cons MSN chat crowd

A worm spread among MSN Messenger users by fooling them into downloading an infectious file from the Internet, antivirus firms said on Thursday.

Known as Henpeck, the worm used MSN's chat network to send messages containing a link to a malicious online file, called BR2002.exe. People who clicked the link triggered a download of the file and inadvertently ran the infectious program. The worm then sent instant messages to everyone on a victim's buddy list.

"Recipients of the message are not automatically infected with the worm," said antivirus company Trend Micro in its advisory. "This happens when the recipient clicks the URL, which downloads the worm and executes it in the system."

The malicious file has since been removed from the Web, however, effectively halting the spread of the program.

Still, victims whose computers have been infected with the worm are likely to have had a "backdoor" program installed. The program, known as BKDR_EVILBOT.A, allows an online vandal to use the infected computer as a platform from which to launch denial-of-service attacks. Such attacks attempt to block another computer's or a network's access to the Internet by flooding the connection to the Net with data.

Rival antivirus company Symantec rated the Henpeck worm a 2 out of 5, where a 5 is given to the most severe outbreaks.

 

From On-line Chat to the Wedding

Dear Andrea!
I've read the internet love stories both in the Internet Kalauz magazine and on the web.  They prompted me to want to write and share our own story which - don't be surprised - began no less than 5 years ago, and is still going strong, and then some….  But I'm saving the best news for last; now let me begin at the beginning, with our meeting.

In those days I worked at the JATE University in Szeged in the Department of English and had access to the internet.  I've used the IRC before but at that time someone had unexpectedly greeted me and his first sentence was:  “Hello you dear girl”  To which I responded: “How do you know that I'm a dear girl?”

Anyway, I met a boy right there on the Internet.  He was from Budapest and studied at the mathematical department of the University of Science (ELTE). Somehow he was different from the other boys on the net.  I was pretty much getting tired of the fact that I could not carry on a decent conversation with any of them.  We talked a lot and it became obvious that we had a lot in common.  We became more and more impressed with each other as the days and weeks went by.  We 'met' almost on a daily basis in the chat and if that didn't work, then we wrote e-mails.  It often happened that we thought of the same thing, we felt the common tie and that we are important to one another.

Naturally, after a while we've exchanged pictures also and both of us liked the looks of the other.  We've talked on the phone a few times and as a next step the situation had ripened to where we began to think we should meet in person.  A month after our virtual meeting I traveled to Budapest where he waited for me at the Western train station.  This was the first personal meeting which, although it caused both of us plenty of anxiety, was not a disappointment to either of us, on the contrary.  I really liked him and he seemed to like me.  It was terribly cold that day, so much so that the rose he gave me froze in my hand, but we couldn't really tell, we were so involved with each other.  All day we've wandered around, on Margaret Island and the museum grounds.  We had a wonderful time together, so much so that by evening I've almost missed my train.

There was no doubt in either of our minds that there will be a continuation.  The following week there was more than the usual amount of communication between us and a week later he came to see me in Szeged.  From then on we met on every week-end.  Our love grew each day and it wasn't too long before we were planning a future together.

Viki & Geza

Six months later we became engaged and the following year in 1996 we were married.  I moved to Budapest and we've lived here since and we are crazy about each other.

We've not regretted anything.  Our first child is due in March.  I wish to all Internet couples the same joy that we have and are still experiencing. 
 

 

 

 

Disruptive Behavior In A Chat Channel

Occasionally, in some of the Adult Chat Rooms, people come in with the purpose of disrupting the chat, either out of malice or because they disagree with a particular chat room's theme. We have seen bots (programs designed to flood the chat room); advertising, particularly on Yahoo or other unmoderated Web-based chats; and people private messaging others without asking.

On IRC chat, the offensive user is usually kicked out by a Channel Operator. In Chat Channels without Operators, such as Yahoo Chat, the Chat users must use the command /ignore or click the ignore option in Yahoo. Disrupting a Chat Channel is offensive, and serves no useful purpose. If a user finds a particular Channel offensive, the best policy is to simply not join the Channel. No cause will be served by harassing users.

On IRC, most registered chat rooms have rules established by their founders. On IRC, to view the rules for a chat room, type !rules in your dialogue box, and a set of rules for that chat room will appear. Or, ask an Op, signified by a @ by their nickname. Not following the chat room rules will at the least get you a reprimand, or at worst, kicked or banned from the chat room. The Operators are there to assist and make sure the chat room is a fun and friendly place to visit, not to act as guards, but should anyone be disruptive, some of them take their work very seriously, so be forewarned.

As with anything else, where one chats is a matter of personal taste, and the responsibility to chat or not chat lies with the individual. I cannot stress this too strongly: please allow those who wish to chat their freedom to do so in whichever room they choose. I am sure that you would wish the same courtesy extended to your chat, in Channels that you enjoy.

Some Chat Tips For Beginners

 
Talking to other users, or "chatting", in Active Worlds is similar to chatting in any other Internet chat environment. Simply type whatever it is you would like to say and hit the ENTER key. Your words will be broadcast to everyone else nearby. Similarly, whatever words other people type will be sent to you and will appear on your screen.

If you are new to chatting over the Internet, you will quickly discover that chat has a unique set of rules and jargon (sometimes referred to as "netiquette") that can be confusing to a newcomer. But never fear, in just a few minutes you can familiarize yourself with some basic guidelines and in no time you will be chatting like a pro!

Here are some basic tips to keep in mind if you want to have a positive chatting experience:

  • Never type in all capital letters. WHEN YOU TYPE IN ALL CAPITAL LETTERS IT SOUNDS LIKE YOU ARE SHOUTING! People generally find this very annoying.
  • Be polite to strangers. If you don't know the people you are talking to, it is appropriate to be as polite as if you are meeting someone for the first time in real life.
  • If someone doesn't want to chat, don't harass them. There are plenty of people in Active Worlds to talk to. If one person doesn't want to chat with you, just move on, don't pester them.
  • Don't be offensive. Offensive behavior is totally inappropriate unless you are in private and among good friends who have indicated that they do not mind. Otherwise, you will just annoy everyone and you will wind up getting muted. Also in certain worlds and areas within worlds (such as Ground Zero in AlphaWorld) offensive behavior may be grounds for ejection.

Tip: Monitored chat

If you're looking for family-oriented chat, or chat that is more likely to be rated PG than rated R or X, you should look for a monitored chat. It's impossible for any chat service to watch all the chat in every chat room all the time. But chat services that have chat guides or chat hosts who help monitor chat are likely to have guidelines that support your desire to participate in friendly, clean chat. Monitored chat can't guarantee you won't bump up against some conversation that offends you, but at least the folks being offensive know they're breaking the rules. They will likely try to keep a low profile, and guides or hosts should be able to take care of such a situation. Another advantage of monitored chat is that these chat services tend to have strict guidelines about malicious programming (often referred to as "bots"). Bots can be extremely troublesome – they can boot chatters, lag the room, disrupt games, and do all sorts of nasty things to disrupt your chat experience. Monitored chats, especially subscription-based chat services, are not very appealing targets for chatters who use bots, since they are likely to lose their accounts if they engage in this kind of behavior.

How to stay cool when someone is rude



1. Ignore the person totally.


    Don't even speak about that person to the others in the room. Don't send rude messages back to the rude person unless you are ready for a flame war! Remember, they want your attention. Don't give it to them!



2. Report the incident in writing to info[at]stelivo.com.


    We would like to know what the problem is, what room you were in, what day and time, what his/her name is, and any other details you feel are important. If you are very specific with all these details, it will be easy for us to find relevant information about this person. Whatever information you provide will only be known to us.



3. Don't give them the pleasure of finding out that you're upset by it!

    Remember, they want your attention. But troublemakers are a sad minority. Don't let them spoil your fun!



4. You can always just log-off and go do something else.

    It's your keyboard and you have control of it. Just calmly exit the chat room.

     

May 9, 2002
MSN Chat Control Has 'High' Security Flaw

A vulnerability in Microsoft's Chat Control program can affect several popular messaging-related titles from the software giant, including the MSN Messenger and Exchange Instant Messenger IM programs. A malicious hacker taking advantage of the weakness can effectively take control of a user's system -- a situation Microsoft says is "high" in severity.

It mainly affects users of Microsoft MSN Messenger 4.5 and 4.6 and Microsoft Exchange Instant Messenger 4.5 and 4.6, both of which include the MSN Chat control. Individual MSN Chat users are also affected.

A user would have MSN Chat on her computer from either a direct download of the program from an MSN Chat site, or through inclusion with Microsoft's MSN Messenger and Exchange Instant Messenger.

The susceptibility comes from an unchecked buffer in the code that handles the input of a parameter in the MSN Chat control. By invoking this parameter in a specific manner, an attacker could overflow the buffer and gain the ability to run code in the user's security context.

Attackers using this weakness can successfully run a program on a system that had the control installed. Since the MSN Chat control runs in the security context of the user, the program would be able to take any actions that the legitimate user was capable of taking, including the adding or deleting of data or configuration information.

The buffer overflow can be initiated via e-mail, a Web page, or any other method where Internet Explorer is used to display HTML. If an attacker successfully enticed the user to visit his site, the control would be invoked once the Web page had loaded. If the page is sent as an HTML-based e-mail, the control would be invoked when the page renders either by opening the mail or through a preview pane.

Fortunately, the fixes are pretty simple. Those people using MSN Chat should upgrade their software by visiting an MSN Chat site. For this fix to start, a user must enter a chat room and accept for download the updated Chat control. MSN Messenger and Exchange Instant Messenger users should upgrade to the latest version of those software titles.

The Chat Control component does not ship by default with any version of Windows or IE. Those who are using Microsoft's latest mail products, Outlook 2002 and Outlook Express 6.0, are protected by default against HTML email-borne attacks. Outlook 98 and Outlook 2000 users who have also implemented the Outlook E-Mail Security Update are also protected from this kind of attack.

Because any code run by a malicious hacker would appear as if it is coming from a user and not from the operating system, any security limitations on the user's account would also be applicable to any code run by successfully exploiting this vulnerability. For companies where user accounts are restricted, like in an enterprise environment, any action an attacker's code could take would be limited by these restrictions.

Microsoft is quick to point out that the vulnerability does not affect IM technologies. MSN Chat is different from MSN Messenger, Windows Messenger or Exchange Instant Messenger in that those technologies are peer-to-peer messaging products and allow users to talk directly with each other. MSN Chat, meantime, is an ActiveX control that allows groups of users to gather in a single, virtual location online to engage in text messaging. While users of IM technologies log on to a directory server to announce their availability, there are no "rooms" as in MSN Chat and users exchange messages directly with one another.

The vulnerability in question only affects the MSN Chat control and not MSN Messenger or Exchange Instant Messenger, the software giant added.

But eEye Digital Security says that all Internet Explorer users are potentially affected because the ActiveX control can be called from the codebase tag, which would prompt the user to install the ActiveX control with Microsoft's credentials because the OCX is signed by Microsoft. Users that have not installed Microsoft Messenger or that have not upgraded Microsoft Messenger can only be affected if they accept the pop-up "Install Now" signed by Microsoft.

Microsoft acknowledged this point, but it pointed out that a malicious hacker "would have to entice the user to visit their Web site and convince the user to accept and install the control when offered. Since the chat control is meant to be used in conjunction with chat sites, it would be worth questioning the trustworthiness of any site that unexpectedly offered a chat control for download. The best action would be to refuse the download offered."
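An added example, not part of the original articles or of any vendor tool: a mail- or proxy-side audit of HTML for the two delivery vectors described above, links or redirects that point at a gopher server and object tags that invoke an ActiveX control or offer it for install through codebase. The hosts and the all-zero CLSID in the sample are constructed placeholders, and the finding names are this example's own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value is a URL the browser may fetch or navigate to.
URL_ATTRS = {"href", "src", "action", "background", "data", "codebase"}
META_REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\">\s]+)", re.I)

class HtmlVectorAudit(HTMLParser):
    """Collects (kind, tag, value) findings from one HTML document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _check_url(self, tag, value):
        value = value.strip()
        try:
            scheme = urlsplit(value).scheme.lower()
        except ValueError:  # malformed URL: nothing to classify
            return
        if scheme == "gopher":
            self.findings.append(("gopher-url", tag, value))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for name in sorted(a.keys() & URL_ATTRS):
            self._check_url(tag, a[name])
        # <meta http-equiv="refresh"> can redirect without any click.
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_REFRESH_URL.search(a.get("content", ""))
            if m:
                self._check_url(tag, m.group(1))
        # <object classid=...> invokes an ActiveX control; with codebase
        # the browser may offer to download and install it first.
        if tag == "object" and "classid" in a:
            kind = "activex-install-offer" if a.get("codebase") else "activex-object"
            self.findings.append((kind, tag, a["classid"]))

def audit_html(html):
    parser = HtmlVectorAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample; hosts and the all-zero CLSID are placeholders.
SAMPLE_MAIL = """<html><head>
<meta http-equiv="refresh" content="0; URL=gopher://gopher.example.invalid/1">
</head><body><a href="http://www.example.invalid/">ordinary link</a>
<img src="GOPHER://gopher.example.invalid/9/x">
<object classid="clsid:00000000-0000-0000-0000-000000000000"
        codebase="http://chat.example.invalid/control.cab"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
</body></html>"""
```

Calling `audit_html(SAMPLE_MAIL)` returns one finding per suspicious element, which a gateway could use to quarantine the message or strip the element before delivery.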




©2007 Stelivo.com, Inc. All rights reserved. Oliver Cozzi