Because of all the talk about support for older protocol versions being dropped, I finished writing the SSL Authentication article. And of course, theres some source for it, I updated the VB client foundation to include my implementation of SSL authentication and MSNP8.
Monthly Archive for August, 2003
Because of the forced upgrade of MSN Messenger, 3rd party clients like Trillian might come into trouble after October 15th. But, it is believed that as long as these third party clients are using at least MSNP8 there should be little trouble.
According to Microsoft spokesman Sean Sundwall, “Security issues that could be posed (on older versions) require us to force an upgrade.” He declined to detail the security issue, saying disclosure would “put customers at undue risk”.
Sundwall said the company is opening doors to discuss contractual agreements with third-party integrators, but he would not give definitive assurances that Trillian users will be able to access their MSN contacts after the deadline.
“We certainly would urge third parties who want to continue (hosting the MSN software) to contact us before Oct. 15 when they will no longer be able to access the network,” Sundwall said.
According to the dutch Web site WebWereld, Microsoft is claiming domain names which contain the word/trademark MSN. They are only claiming names which belong to dutch webmasters, sites like msnbase.nl and msn6.nl have been targeted, some moved to another domain.
Looks like Microsoft wants everyone to be using Messenger clients with .NET Passport SSL authentication. That is MSNP8 and MSNP9, used in MSN Messenger 5 & 6, as opposed to MD5 in MSN Messenger 4.x and below, also versions of Windows Messenger below 4.7.2000. This will probably, eventually, force all third party clients to upgrade to at least MSNP8.
It appears when you sign in with a non SSL client, you will recieve an email from dot_net_msgr_svc@msgr.hotmail.com warning you to upgrade. Although some claim to be recieving up to 40 emails in a 9 hour period, and while their computer being turned off.
Just to be clear, official client minimums are:
- MSN Messenger 5.0
- Windows Messenger 4.7.2000
- MSN Messenger for Mac 3.5
Most people should know about customizing the “Never give out your credit c…” security message, but in MSN Messenger 6 you may have noticed it doesn't show up. Well actually it does, for the first 5 times only.
In your per passport setting registry key, there's a dword called “WarningMsgCount”. Each time you open a new IM window, this number is checked. If it's less than five the warning message is displayed and the number is incremented. If it is five then it's left alone and the warning message is not displayed.
The idea for this is you could set this dword to 0 (or delete it) upon the IMWindowCreated event, so the IM Warning will always be displayed.
The location of the the warning message count value is: HKCU\Software\Microsoft\MSNMessenger\PerPassportSettings\#\WarningMsgCount and the IM warning policy is: HKLM\Software\Microsoft\MSNMessenger\Policies\IMWarning