Yahoo Messenger 9 offers a more elaborate friend list and can display videos and photos in the chat window.
(Credit: Yahoo)You can't take it with you, at least when it comes to your social graph.
But with a new beta version of Yahoo Messenger 9 software (download it for Windows) released Thursday, users have new options for reconstructing networks of friends and contacts they've built elsewhere.
The new beta of Yahoo Messenger 9 can help user invite contacts on AOL, Google's Gmail and Orkut, Microsoft's Hotmail, MySpace, and other online services to connect through the Yahoo service. Version 9 also includes a special group of all people in your Yahoo address book, helping to connect with contacts users may have stored elsewhere within Yahoo itself.
Also tying more deeply into the rest of Yahoo, the new beta can be used to reflect some other activities within the network--for example, when somebody spotlights a Web site of interest using Yahoo Buzz.
"We'll add more types of updates in the future," said product manager Sarah Bacon in a blog posting about the new beta.
Yahoo Messenger 9 is intended for use on Windows XP, in contrast to the more obviously named Yahoo Messenger for Vista (download it for Windows Vista). The final version of the Yahoo Messenger 9 is due in the third quarter, Yahoo said. The Mac equivalent is scheduled to be released by the end of the year.
Also new in the beta is a better interface for setting status messages--even if you're away from your IM software, Yahoo said. And links to games present in Yahoo Messenger 8 has made its way to version 9, so users can play pool, checkers, and others. However, only those with version 8.1 or later can play games with those using the version 9 beta, Yahoo said.
Yahoo Messenger's icon, a frighteningly happy face, reflects the fact that people have a whole section of their brains just for processing facial information. Yahoo is tapping into that visual cortex a little more directly with the new beta, which uses larger emoticons.
For further information, check Yahoo's blog about the new beta or a Messenger 9 beta demo video.
Testers of the Yahoo Messenger for Vista preview version (story) with a need for speed should feel the rush after installing Microsoft's recent Windows Vista Hotfix.
The Hotfix purportedly makes response time in Vista's layered windows up to four times faster, a velocity that affects all applications built with layered windows. In Yahoo Messenger for Vista, menus that overlay the central interface, like the options menu or skin chooser, pick up the pace.
Users who have installed Windows Vista Service Pack 1 Beta already have the Hotfix. Microsoft reports that it will also be available in the service pack's final release. In the meantime, the Hotfix, which addresses Vista's top user complaint, is available a la carte for those who don't want to wait for Vista Service Pack 1.
The files installs for users with administrative privileges and will require a reboot before changes take effect.
Download:
* Hotfix for Vista 32-bit
* Hotfix for Vista 64-bit
Zero-day exploit codes targeting Yahoo and AOL instant-messenger services could put frequent IM users at risk to new attacks.
A non-vendor disclosed vulnerability within Yahoo Messenger has been exploited by two different code releases Wednesday. This is the third security glitch for Yahoo Messenger in as many months. There is no workaround or patch available yet for these exploits.
A second non-vendor disclosed vulnerability in AOL Instant Messenger targets how users are notified of new IMs. Security vendor Secunia recommends that current AIM users disable that option until a patch is available.
ZDNet blogger Ryan Naraine has more information and links to the exploit codes.
Windows users await Yahoo Messenger for Vista.
(Credit: Yahoo)A CNET News.com reader served as my personal tickler file this week, asking me if I knew when Yahoo Messenger for Windows Vista will be released.
In January, Yahoo previewed a version of Messenger optimized for Vista and said it would be released in public beta during the second quarter, which ended June 30. So, they are about three months behind schedule.
I asked Yahoo about it and here is the company's reply: "We continue to actively work on Yahoo Messenger for Windows Vista and look forward to sharing updates and information including the beta launch of the new service. We will keep you up to date on launch timing but in the meantime, information is available on the Yahoo Messenger blog and the Yahoo Messenger for Windows Vista product page."
Curious about a delay with a product? Got some other tip you want us to follow up on? Send them our way.
(Credit:
Yahoo Inc.)
Got Yahoo Messenger? Hit refresh.
Yahoo on Thursday issued a patch for a highly critical security flaw, just a week after it issued another Yahoo IM security update.
In this latest case, a security flaw was discovered in the ActiveX control, which is part of the Yahoo services suite that is typically downloaded with the Yahoo Messenger installer. The vulnerability could be exploited if a user visits a malicious Web site, which in turn could lead to a buffer overflow attack and launch of arbitrary executable code.
Not a good thing.
Yahoo is calling on users to update to version 8.1.0.419. That would apply to any user running a version older than Wednesday.
On the bright side, Yahoo says it knows of no exploits for this particular flaw at this time.
On Tuesday, Yahoo released an updated version of Yahoo Messenger, designed to patch a vulnerability in the Webcam feature first exploited last week.
The China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. After opening an invitation, a remote attacker could execute malicious code on a compromised machine.
Users who downloaded or had installed Yahoo Messenger prior to August 21 should update to the latest version, Yahoo Messenger version 8.1.0.416.
There's a new zero-day attack in progress against Yahoo Messenger users. The instant messaging solicitation invites users to open their Webcam. However, the code used in this China-based exploit causes a heap overflow to be triggered when the target accepts a Webcam invitation. That means a remote attacker could execute malicious code on a compromised machine.
The McAfee security blog recommends the following: do not accept Webcam invites from untrusted sources until a patch is released, and block outgoing traffic on TCP port 5100 on your firewall until a patch is released.
Yahoo has been informed and says it is working on a patch.
A phishing scam was circulating on Friday through Yahoo Messenger that directs people to a malicious Web site where they are prompted to enter their Yahoo user name and password. The malicious instant message automatically forwards itself to the victim's IM contacts.
The IM arrives from someone in your contact list with a link to a Geocities Web page and smiley face emoticons surrounding the link. When clicked on, the link opens a page that looks like a legitimate Yahoo 360 sign-in page.
Yahoo is investigating the matter and will take down the Geocities Web site if it is perpetrating a scam, a Yahoo spokeswoman said. Geocities is Yahoo's free Web space service. Yahoo also will add filters to the Messenger system to prevent the malicious link from being propagated, she said.
Phishers often use smiley faces and other emoticons to make the victim feel that the IM is safe. Geocities sites are often used in phishing scams. Such scams are not new and are becoming increasingly more common.
IM users should not blindly trust links they receive even if the link comes from a trusted source or friend. Users should confirm that the person behind the IM account actually sent the link and that it is legitimate.
If you are duped, immediately change your password and notify your Yahoo IM contacts about the malicious IM. Yahoo users also can customize their Yahoo log-in page with a security seal so they will know that the site is legitimate. More information is here.
When Yahoo Messenger went down Wednesday, it might have just been one of those little technology glitches that happen from time to time.
And when some people started having problems with Gmail Thursday, well, it probably was because of some small gremlin in Google's hamster wheel.
Same with my friend's company's corporate e-mail going down the last couple of days--all easily explainable.
Except, maybe there's a single unifying explanation. Maybe it's because of Mercury in retrograde.
I know. Roll your eyes all you want. But the phenomenon--an optical illusion in which Mercury, from our earthly perspective, seems to alter its usual path across the sky to go east to west, or backward, for a time--is thought by many to be directly responsible for all kinds of technological problems and snafus.
And guess what? Mercury is in retrograde right now, as we speak.
So when your e-mail goes down, or your TV goes on the fritz, or your TiVo stops working in the days leading up to July 10, when Mercury comes out of retrograde, think about whose tech support you should be calling.
A number of highly critical security flaws have been found in the latest version of Yahoo Messenger, which could allow attackers to gain remote access to users systems, according to a security advisory issued by eEye Digital Security.
The vulnerabilities affect Yahoo Messenger versions 8.1 and 8.0, running on Windows, eEye stated in its "upcoming advisories."
Although eEye does not disclose extensive details about vulnerabilities until the respective vendor develops a patch, the security researcher did note the Yahoo IM flaws requires little user interaction for an attacker to exploit the vulnerabilities.
"It's the classic bug. Instead of targeting your network or perimeter, it can target your desktop or client applications," said Marc Maiffret, eEye founder and chief technology officer. "Most companies are heavily dependent on perimeter security, but this is a case where network firewalls and intrusion prevention won't be enough."
Currently, no zero-day exploits exist, Maiffret said, who noted eEye informed Yahoo about the vulnerabilities Tuesday.
One potential workaround is eEye's Blink Personal security suite, which is free for the first year.
Yahoo, meanwhile, said it is currently working on a patch for the vulnerabilities.
"We recently learned of a buffer overflow security issue in an ActiveX control. This control is part of the code for webcam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly," said Terrell Karlsten, a Yahoo spokesman.
The critical vulnerabilities are the latest to hit Yahoo Messenger. Last April, Yahoo fixed a security flaw in its audio conferencing feature in its instant messenger.
And in December, Yahoo issued a security fix for its Messenger versions 5.0 through 8.0. That patch was designed to address a security flaw found in the ActiveX control, a component of Yahoo's services suite that typically downloads the Messenger installer.
