Loading...
Home -> Blog
  • Follow Siavash on Twitter
  • Add Siavash on Facebook
  • Follow Siavash on Google+
Bot:
RSS Feed Add to Delicous! Add to Digg! Add to Technorati! Add to Furl! Add to Blinklist! Add to Reddit! Add to Oyax! Add to Balatarin!

Yahoo! Messenger Protocol
(Posted on 2007/09/05, 19:02:12)

The Yahoo! Messenger Protocol is the underlying network protocol used by the Yahoo! Messenger instant messaging client, for Yahoo!. Yahoo! Instant Messager supports many features beyond just messaging, including off-line messaging, file transfer, chat, conferencing, voice chat, webcams and avatars.

Overview

The purpose of the YMSG protocol is to provide a language and series of conventions for software communicating with Yahoo!'s Instant Messaging service. In essence YMSG performs the same role for IM as HTTP does for the World Wide Web. Unlike HTTP, however, YMSG is a proprietary standard, aligned only with a single messaging service provider (namely, Yahoo!). Rival messaging services have their own protocols, some based on open standards, others proprietary, each effectively fulfilling the same role with different mechanics.

One of the fundamental tenets of instant messaging is the notion that users can see when someone is connected to the network — known in the jargon as 'presence'. Yahoo!'s protocol uses the mechanics of a standard internet connection to achieve presence, the same connection it uses to send and receive data. In order for each user to remain 'visible' to other users on the service, signaling their availability, their Yahoo! IM client software must maintain a functional, open, network connection linking the client to Yahoo!'s IM servers.

As some organisations block communication on the port used by Yahoo! IM, either because they choose to whitelist certain types of internet usage (only web surfing and email, for example) or because they seek to blacklist instant messaging services, Yahoo! provides an alternative route for connecting to their service which mimics the HTTP protocol used by the World Wide Web. Unfortunately, as HTTP has no inherent sense of a persistent connection, Yahoo! instead relies on the client frequently contacting the server in order to approximate the sense of a connection required to give each user presence on the IM network.

Originally the YMSG login procedure suffered from a security flaw known as a replay attack, in which a given password (or other authentication information) is always identically scrabbled when sent across the network. This allows any attacker who witnesses the transmission to merely reproduce the message verbatim in order to successfully log in, without actually needing to know the original password (or other details) which generated it. But some time around 2000 or 2001 Yahoo! upgraded its service to introduce a random element to each login attempt, defeating any further potential for replay attacks.

With the exception of the login authentication details, data sent over a YMSG connection is not encrypted. YMSG uses a binary format in which the text potions of the data are transmitted in plain view. Therefore, while it is difficult for an attacker to seize control of a Yahoo! IM account, it is quite easy for them to read all messages sent to and from the account holder, along with other details such as the list of friends, if the attacker has control of one of the computers through which the data is routed.

References

Tags

YMSG, Yahoo messenger, Yahoo, Protocol

Comments

Name:
Email:
Website:
Comment:
 
Miss jacinta:
Posted on 2012/11/21, 11:45:17
" My name franklin..i need ur number pls or u call me 07035548269 "
kevin:
Posted on 2010/09/26, 14:45:22
" like to have more friends. "
mahsa:
Posted on 2010/09/22, 10:41:59
" hi "
Smith:
Posted on 2010/07/30, 11:21:44
" Hello, Welcome to AffiliateGood.net Our Company work in the field Marketing Online, special offers catagory : Education, Health and Beauty, Financial, Membership Club, Incentivized, Debt , Mobile , Insurance , Biz Opp, Games,Family and Home , As Seen On TV, Babies/Children/Family, Skin Care of four big company CPAProsperity, Axon Media Group, Broongads, EleadMedia on AffiliateGood.net and find out other company in the future.if you are interested in this Catagory please on http://www.affiliategood.net/viewoffers.php for free,We hope our website helpfull with you Thank you ! "
roya:
Posted on 2009/10/29, 23:25:59
" roya "
roya:
Posted on 2009/10/29, 23:25:39
" roya "
paniz:
Posted on 2009/08/25, 13:46:58
" kasi adres chat bahal nadareh "
paniz:
Posted on 2009/08/25, 13:46:07
" salam siavash jan "
by bay feic_1368:
Posted on 2009/05/26, 18:59:10
" salam "
Man:
Posted on 2009/02/16, 15:47:57
" Hi every One THnaks Very Much "
sfsadfsa:
Posted on 2008/11/10, 09:48:15
" your invisble.ir is not working "
maryam:
Posted on 2008/09/18, 09:56:04
" salam siavash jan.man ba in barnameye axe id moshkel daram nemitonam besazam:(( "
zohreh:
Posted on 2008/09/14, 14:44:52
" salam "
rose:
Posted on 2008/09/13, 18:08:46
" salam "
mahan:
Posted on 2008/08/31, 15:51:51
" kasy nist inja qaz vc keshy chizyy bedone masalan az koja mishe barnamashoo gereft "
mahan:
Posted on 2008/08/31, 15:51:02
" salam "
Mr.SaFa7:
Posted on 2008/07/06, 21:49:22
" كيف باغير السمايل؟؟ "
ShBh BaGhDaD:
Posted on 2008/06/15, 09:52:02
" مشكوووووووووو تحياتي شــبح بغداد "
ahmed:
Posted on 2008/06/09, 12:45:01
" هااااااااااااااااااااااااااااااااااااااااااااااااااااااااااااااااي "
كاتم العبرات:
Posted on 2008/06/09, 12:44:07
" هاااااااااااااااااااي "