Yahoo Messenger protocol forensics

A brief forensic consideration of the Yahoo Messenger Protocol (YMSG). …

YMSG is an instant messaging protocol for use by Yahoo Messenger and compatible instant messaging clients.

YMSG does not provide encryption. This can be mitigated with client-side encryption.

YMSG does not support Multiple Points of Presence (MPOP). If you log in to a second client — for example, from within the Yahoo Mail chat client — the first client is automatically logged out and is informed that you have signed on from another location. The second client receives no such message.

This provides a tripwire with which to detect someone accessing your account. When finished chatting set your presence to invisible instead of logging out. Leave the computer running. If an attacker enters your account, you will see that you have been logged out with the above message. Depending upon the client, you may be able to log the time of the occurrence.

YMSG on Wikipedia


About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

One Response to Yahoo Messenger protocol forensics

  1. Pingback: Yahoo Mail forensics | A maze of twisty little passages

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s