National

`Yahoo messenger' users face security hazards

By Anand Parthasarathy

KOCHI MAY 14. Even as users of Microsoft's free MSN Messenger service grapple with what the company last week called a critical flaw that left its PCs vulnerable to takeover by malicious hackers, customers of the other popular instant messaging service in India, Yahoo Messenger, were warned today by an IT website, of a possible security glitch. The woes of MSN Messenger users (of versions 4.5 and 4.6) came to light when Microsoft issued a security bulletin five days ago, saying the software's Chat Control feature suffered from what it called a buffer overflow problem. Stripped of the jargon, it meant that the messenger was intermittently unable to authenticate or restrict incoming data — a security hole that may allow a hacker to enter and run malicious programmes from the victim's machine. The solution suggested by Microsoft is to download the latest version of MSN Messenger that has closed the hole.

Even as 46 million users of the free utility, including a substantial number in India did just that, users of the rival Yahoo Messenger were warned today by the technology website CNET.com, that they too could be under potential risk if they followed the recommendation to configure their browser, Internet Explorer to accept scripts like JavaScript and ActiveScript from all domains on the Web. Enabling JavaScript is one of the basic settings users do with their browsers — as without this, they will miss out on some web content.

But, CNET says, malicious hackers can use this to gain access to your machine. Yahoo is quoted as saying it will take a look at the problem. This may be small comfort to lay users, because it now transpires that Microsoft was warned of the buffer overflow problem over a month ago but waited to close the glitch before making it public.

The argument advanced in its favour is that a premature announcement before a security hole is closed will trigger off more hackers.

But, millions of users of these messaging and email facilities are now realising that all these free services may be extracting a hidden price reduced security for one's PC.

Industry experts today were speculating that the intense race between the Big Three — AOL (with ICQ), MSN and Yahoo — to grab a bigger share of the instant messaging pie, may be one reason why they seem to pile on new and more mouth-watering features without fully addressing security issues.

Send this article to Friends by E-Mail

National

News: Front Page | National | Southern States | Other States | International | Opinion | Business | Sport | Miscellaneous |
Advts: Classifieds | Employment | Obituary |

Stories in this Section

• We can become partners even in unexplored areas: Rocca
• Shift seen in ISI strategy
• PM `satisfied', Sinha clarifies
• BJP plumps for Alexander, contest or no contest
• Patents Bill passed
• PM refuses to meet women's group
• Plea to free five Cubans jailed in U.S.
• Finance Bill gets President's nod
• `Food insecurity due to socio-economic inequity'
• Attack meant to provoke wider conflicts: CPI(M)
• `Yahoo messenger' users face security hazards
• Bill to regulate cable operators
• Indo-U.S. pact on occupational health
• LS to discuss Bihar package
• Stay on Bofors case

Copyright © 2002, The Hindu. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu