ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Yahoo! fills in Messenger hole

Jim Hu CNET News.com

Published: 29 May 2002 11:03 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security vulnerability that could allow hackers to delete files on someone's computer has prompted Yahoo! to issue a fix for the latest version of its popular instant messaging software.

The vulnerability allows hackers to impose a "buffer overflow" attack, meaning they could imbed a potentially harmful executable program on someone's computer. Using Yahoo! Messenger as its conduit, hackers could delete files or cripple a computer's security.

Yahoo! updated the 5.0 version of its service on Friday after the exploit was discovered. A Yahoo! spokeswoman said the company began on Tuesday to encourage Messenger users to download the new build of the software, which includes a fix for the vulnerability, from Yahoo's Web site.

"Upon learning of the issue, we responded quickly by making an updated version of Yahoo! Messenger available," Yahoo! spokeswoman Mary Osako said in an email.

Osako declined to say how many Yahoo! users were affected, but she reiterated that the update was released for all Yahoo! Messenger users. In April, 19.1 million people in the United States used Yahoo! Messenger, according to Web measurement company Jupiter Media Metrix. Because Yahoo! has many international users, the total number of people potentially affected by the vulnerability is likely much greater.

As of noon on Tuesday, there was no information on the Yahoo! site about the security hole. The vulnerability was first discovered by Vice Consulting, an information technology consulting firm based in Ho Chi Minh City, Vietnam.

Buffer-overflow vulnerabilities are common flaws in IM services. AOL Time Warner has been troubled by such security holes in its AOL Instant Messenger application. Microsoft also issued a warning on its Web site earlier this month informing people of a similar weakness that affected MSN Messenger software. Microsoft chairman Bill Gates has earmarked security as a top priority for the company largely because of the company's increased reliance on its .Net initiative, which will offer software and services over the Internet.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
51 out of 76 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

1 comment

  1. yahoo instant messenger is the best! Anonymous

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Project Manager - Consulting - Swindon, Berkshire, Cardiff

Solutions architect (Consulting/Pre-Sales/Billing/CRM/Commerce)

Business Development Manager (Consulting/Bus Dev/Pre-Sales)

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment