On Mon, Nov 11, 2002 at 11:04:50AM +0800, [EMAIL PROTECTED] wrote:

hi,

It is surprising that Y! makes a direct connection to the peer. I thought that Y! connects to the server and that handles the communication. And what is the vulnerability that you look at? Since the connection is a p2p connection, I think there can be no vulnerabilities. Correct me if I am wrong.

thx
phani

> Hello All,
>
> During my observation in daily use of Yahoo Messenger, my computer has
> "stale/zombie" sessions. For example, if I have received/message a friend,
> Yahoo will normally make a direct connection from my PC to my friend. From
> Netstat result, you can see a high port on my computer is having an
> Established session with my peer's:5101 port.
>
> The issue is, after a contact has gone offline (dial-up), the state
> established in the netstat will remain until the next day. I would see this
> as a vulnerability, since an arbitrary user can assume the IP Address was
> used (dial-up->dynamic ip assignment), and use this established session to
> assume it.
>
> Any idea ?
>
> Regards,
> Leonard Ong
> Network Security Specialist, APAC
> NOKIA
>
> Email. [EMAIL PROTECTED]
> Mobile. +65 9431 6184
> Phone. +65 6723 1724
> Fax. +65 6723 1596
>
> -----Original Message-----
> From: ext Joey [mailto:josefhuggins@;hotmail.com]
> Sent: Saturday, November 09, 2002 9:32 PM
> To: Security Basics
> Subject: Re: Biometric question
>
> To clarify: retinal scanning is about as effective as fingerprints. Retinal
> scanning uses a laser light, often in the green part of the spectrum to scan
> the blood vessels of the internal eye. Both methods scan around 90 metric
> points. They can easily read false depending on whether or not the
> biological sample (in this case eyeball or finger) is placed exactly in the
> same position as it was when it was initially scanned. There is, of course,
> with most software a threshold setting which will allow readings to require
> either a very precise (a finger must be placed in exactly the same spot
> every time on a reader) or very minimal (a finger can be placed anywhere
> near the center of the reader, but the accuracy drops proportionately)
> setting. The best way to go from everything I've seen and read is with iris
> scans. Whereas fingerprint and retina scans read around 90 metric points, an
> iris scan reads about 250.
> Iris scans are non-invasive whereas retina scans
> require a laser light or other strong light source directed through the
> cornea in order to read the vessel pattern in the back of the eye. While
> it's a lot more expensive, if security, and not money, is your concern, I
> think iris scanners are the way to go. If you can't "hack" it and you have
> to settle w/fingerprint or retinal scanners, I would go for the fingerprint
> scanner.
>
> -J
>
> ----- Original Message -----
> From: Naveed Ahmed <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, November 07, 2002 11:05 AM
> Subject: RE: Biometric question
>
> > Michael is right.
> > the better ones are (at least relatively more difficult to fake) retina
> > scans and voice recognition.
> > don't go by what tom cruise does in 'minority report' with the eye balls.!!!
> > rgds
> > -Naveed
> >
> > -----Original Message-----
> > From: Michael Sconzo [mailto:msconzo@;tamu.edu]
> > Sent: Thursday, November 07, 2002 10:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Biometric question
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > One of the more memorable things that I have read about fingerprint
> > scanners is:
> > http://www.counterpane.com/crypto-gram-0205.html#5
> >
> > You can basically fake a fingerprint biometric machine with a gummi
> > bear. If I remember correctly, the majority of fingerprint scanners
> > are vulnerable to this type of attack. One of the big things to look
> > for is one that samples SHAPES not POINTS, and remember the more the
> > merrier.
> >
> > As for other types of biometrics, I am not too sure, hopefully
> > somebody else can shed some light on those.
> >
> > - -mike
> >
> > - -----Original Message-----
> > From: Felix Cuello [mailto:felix@;qodiga.com]
> > Sent: Wednesday, November 06, 2002 1:27 PM
> > To: [EMAIL PROTECTED]
> > Subject: Biometric question
> >
> > Hello list!
> >
> > I will work in a project where physical security will be based on
> > biometrics, in fact only will be based on fingerprints biometric.
> >
> > How secure are fingerprints?, what biometric are more secure?
> > (voice, eye, ??? what else).
> >
> > I'm not a security expert :-)
> >
> > Thanks a lot,
> >
> > Felix
> > [my english is bad... please sorry :-)]
> >
> > - --
> > Felix Cuello
> > [EMAIL PROTECTED]
> >
> > Qodiga/its
> > Av.Santa Fe 882 P.13 Of. "E"
> > C.P. ABP1059C
> > Tel.: (54) 011 - 4312-1698
> > Buenos Aires - Argentina
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
> > DzeFhJhhlLBeyqWGS/NABATs
> > =kUtf
> > -----END PGP SIGNATURE-----