Who Blocked Me?

It’s one of those questions that just never seems to go away….”Who has blocked me on [insert your favorite instant messenger program here]?” My answer is short and sweet – you can’t know, you’ll never know, and your contacts have their right to privacy. That last bit alone is enough to generate quite a heated debate as I recently found out – but I’ll spare you the details. More importantly – trying to find out who has blocked you can compromise your computer’s security and infect you will all kinds of malware and viruses you never imagined – and it’s not going to yield any accurate information.

For years, I’ve told people to stay away from block-checker websites. Back in November, Christopher Boyd wrote on SpywareGude to beware of a block checker file that you can now download. It’s a new spin on the websites that have stolen credentials for some time. AIf you install MSN Block Checker you will be infecting your machine with Mob.Blockcheck – take a look at it’s behaviors and I’m sure you’ll decide you don’t really want it on your machine.  Also referenced in this detailed post are 3 previous posts about other online sites claiming to tell you who’s blocked you and phishing scams aimed solely at getting you to reveal your login credentials. Just this week, the well known Raymond.cc blog posted on an email that appears to come from one of your contacts and leads to a site asking for your login info to determine who has you blocked. I probably don’t need to tell you the email is a phishing scam. The friend from whom it comes has probably had their login stolen. The Raymond.cc post also includes very good information on what to do if you believe your login credentials have been compromised.

Many users don’t practice good security online – using the same login and/or password for multiple sites and services.  Being compromised may mean there is a lot more at risk in such cases. Phishers and hackers are quite happy to share their payloads with each other. Many people wrongly assume that because they run an antivirus or malware scan and it comes up clean they are not at risk and/or have not been compromised. FALSE!  Until the advent of the “downloadable” file previously mentioned, most of this phishing was done online. It’s true many of these sites also dump malware or crapware on your machine as a bonus – but the real problem is when the credentials are entered online. It’s hook, line and sinker for the phisher. They have what they need.  All those annoying IM’s and emails going out to contacts will most likely be happening from a remote server. All the antivirus and malware scans in the world aren’t going to stop it from happening.  Following the advice on what to do when you’ve become compromised becomes paramount if you want to stop the problem (and I assure you – your contacts would really appreciate it if you do.)

Knowing if you’ve been blocked is obviously tempting (or the phishers wouldn’t be doing so well with it now would they?)  I have never heard of a block checker that works, doesn’t infect your machine or steal your credentials.  Ask yourself this. Why does a site need your login credentials to determine if someone else is online? Doesn’t make a lot of sense does it? You have to ask yourself – is it really worth it to find out? There are options. Email the person and ask if they are not communicating for a reason. While slightly subversive, you could create another identify and see if the person will add you as a new contact. If you can see them online with one identity and not the other, then you are likely blocked.  Of course, that’s only as good as getting the person to accept some unknown new contact on their list (and if they weren’t mad at you before they may be after you do that if they figure it out.) Send them an IM – perhaps they just aren’t showing online, but will actually answer you. Or, you could just be adult about it – accepting that someone is showing offline to you for whatever their own personal reasons may be. Whatever your choice – stay away from the block checkers. They don’t work and the risks are far greater than the reward (or lack thereof).

UPDATED: Yahoo! Messenger for iPhone

Last week, Yahoo! Messenger product manager Sarah Bacon put her foot in her mouth when she complained on the Y! Messenger blog that Apple was taking so long to approve their updated Yahoo! Messenger iPhone app. Somehow she missed the fact that the app has been resubmitted with some changes, resetting the review period. Nevermind that she’s a product manager and should know this. It’s a moot point now that the updated app has been approved and ready to download from the iTunes app store.

Yahoo! Messenger 1..2.2 for the iPhone incorporates several changes based on your feedback:

• Stay available, not idle. Now when you close the Yahoo! Messenger app, you’ll still show as “available” to your Yahoo contacts rather than “idle.”  Since you get push notifications of new chat messages, this is more logical.
• Get a better Buzz. No, not that kind of buzz. They’ve tweaked the Buzz feature with a new notification sound, the ability to turn it on or off, and added vibrating buzz notifcations.
• “Shorter and prettier” notification sound. – Apparently this was a big problem for a lot of people, based on feedback. Go figure.
• Address book integration fixed. Yeah, they broke it in the last version. Now it works properly again, so when you compose a new SMS to someone, you can access numbers in your iPhone address book, and not just your Yahoo contact list.

Resources

• Read more about the update from the Yahoo! Messenger blog
• Join the discussion in our Yahoo Support forum

Preview Yahoo! Messenger 10

Yahoo today announced availability of the Yahoo! Messenger 10 beta. What’s in the new beta? High-quality video calls, a “Y! Updates” view of your contact list that turns Messenger into a Twitter stream, new ways to sort your contacts and support for 16 different languages.

High-Quality Video Calls

They have revamped the one-to-one video calls, building it right into the chat window, improving the video quality and synchronizing the audio with the video. You can swap window positions (between your preview and the person you are viewing), display both windows side-by-side, and put the call on mute or hold.

There are some caveats. The new video call requires both parties to be running Yahoo! Messenger 10, and the changes don’t apply to one-to-many webcam broadcasting.

Y! Updates View

The new Y! Updates view of your contacts is more interesting to me, as it is a unique way of displaying your contacts, sorted in a live stream of updates that will be familiar to Facebook and Twitter users. The most recent updates will appear at the “top” of the contact list. Updates can come from Twitter, Last.fm, Yahoo! Buzz, Flickr, nearly 20 non-Yahoo web sites, and (of course) Y! Messenger status updates.

Why is this interesting? Yahoo is incorporating Twitter and co-opting the real-time update stream in way that other IMs have not quite done. Other IM programs like Digsby and Trillian Astra allow you to see updates from Twitter, but they display them as pop-up alerts, not as a view of your contacts. By turning the contact list model into a real-time stream sorted by the latest updates,  Yahoo has transformed the contact list into something more dynamic and engaging.

The features are interesting, but keep in mind that this is still beta software and there probably are bugs. If that puts you off, stick to version 9.

Resources

• Download Yahoo! Messenger 10 (Windows)
• BigBlueBall Yahoo! Support discussion

Pidgin 2.6.1 Update

Pidgin, the best multi-network instant messenger for Linux just got better. John Bailey provides all the details, which include two notable new features:

• Voice and Video - Thanks to Mike Ruprecht’s Summer of Code project last year, libpurple has been updated to support voice and video. Pidgin 2.6.1 supports this for XMPP currently, but they are working on updates for other protocols.
• Theme Support – Another Summer of Code project, this one from Justin Rodriguez, adds theme support for the buddy list, sounds and status icons.

While these features are great news for Linux users, they have not yet been implemented in the Windows version. There is a long list of updates, fixes and changes. If you’re using Pidgin, it’s worth updating.

Resources

• Pidgin web site

Adium Update Fixes Vulnerability

Adium, my favorite multi-network instant messaging app for the Mac, has released version 1.3.6. The new version includes an updated libpurple to fix a vulnerability with the MSN protocol as well as an updated version of the Facebook chat plugin and numerous bug fixes.

If you use Adium, I highly recommend upgrading.

Meanwhile, work continues on Adium 1.4. If you’d like to help beta test, you can change your preferences to automatically download the latest beta, or visit the Adium beta page.

ICQ 6.5 HTML Injection Bug

The venerable IM is vulnerable. SecuObs.com reports that popular instant messenger ICQ (“I seek you”), version 6.5 is vulnerable to HTML-injection attack.

What does this mean?

The incoming message window in the vulnerable ICQ client works like a mini web browser. An attacker can try to exploit the vulnerability by sending specially crafted message to the remote ICQ client. The malicious message can contain text data which will be interpreted and displayed in the incoming message window as a HTML code. Potentially an arbitrary HTML code could be injected.

There are two risks that have been identified:

1.  Information disclosure

For example, an attacker can inject <IMG> tag that could lead information disclosure (such as remote client’s IP address, browser version, OS version, etc.)

2.  Spoofing

An attacker can spoof ICQ client software’s system messages, interface elements (buttons, links) in the message window, etc. For example, it could be used for forcing of the ICQ users to click on attacker’s malicious link.

The vulnerability exists in the lastest build of ICQ 6.5, and may affect older versions as well.

As of yet, ICQ has not issued an update to fix this vulnerability. To be safe until they do, I suggest using an alternate, compatible IM client  such as Trillian, Adium, Pidgin or Digsby.

Trillian Astra 4.0 Launches

After an extensive public beta, Trillian Astra has officially launched. Trillian Astra is a popular multi-network instant messenger and communication tool that has been around for a long time. This new version brings a much-needed update to that Trillian legacy.

Competition is good for the consumer, and now (at least on Windows) you have two choices: Trillian and Digsby.

Cerulean Studios, the developers behind Trillian Astra, are working on a version for the iPhone and iPod Touch, as well as a cross-platform web client and a dedicated client for OS X. I’ve been testing Trillian Astra for the iPhone, and I like it so far. It leverages push notifications allowing you to stay connected even when it’s not running. If they can improve the time to connect it will be my favorite IM on the iPhone.

Trillian Astra comes in two versions, a free version with basic functionality, and a paid, Pro version that adds additional features. The Pro version sells for $25 (or $10 to upgrade for existing Pro owners). I own a Pro license, and found it was well worth it several years ago. I haven’t yet decided whether I’ll spring for the upgrade, as now I tend to use IM for more basic collaboration, which the free version supports quite nicely.

You can download Trillian Astra for Windows or learn more about it here.

Is Google Wave the New Email?

This week at the Google I/O  developer conference, they announced what they describe as a whole new communications platform. It incoporates email, IM and integrates other communication mediums like Twitter, and it is called Google Wave.

Google Wave takes the various communication and collaboration streams that you currently use and ties them all together in “waves.” It’s similar to the threaded conversations in Gmail, but incorporates IM, Twitter posts and using the Wave API, anything you want to build. 

Wave was created by brothers Lars and Jen Rasussen and Stephanie Hannon in Google’s Syndey, Australia offices. Lars explains, “Wave is what email would look like if it were invented today.” 

MG Siegler at TechCrunch is at Google I/O and has written great review with his initial perceptions. Note that Siegler’s comments are based on a demonstration, not a hands-on review. His thoughts? Simply put, Lars may be right. 

Google Wave shows a lot of promise. You will be able to use Wave as a “product” built on HTML 5, but you can also embed “waves” on your blog or website to allow direct interaction. And you could even host waves on your own servers, making it an intriguing choice for collaboration behind the firewall. 

What’s interesting is that Wave incorporates some of the real-time features that have made their way into the limelight via Twitter, FriendFeed  and (most recently) Facebook. Updates to a wave show up in realtime without a page refresh, and search also updates realtime. 

Google plans to make Wave open source. You can read more about the Wave protocol at http://www.waveprotocol.org/

What do you think? Could Wave be the future of online collaboration?

AIM 6.9 Gets Social

AOL today officially released AIM 6.9 for Windows, introducing new features that integrate AIM with other social networks, including Twitter, Facebook and YouTube. This new version of the venerable instant messaging program acknowledges and embraces the fact that people aren’t just on a single social network — they have a presence across many networks — and keeping up-to-date with your friends, family and associates shouldn’t require you to visit a dozen different web sites. The real social network transcends any single brand.

AIM remains free to use, supported by advertising that appears in the buddy list and chat windows. AIM 6.9 requires Windows 2000 or newer, 512 MB RAM for enhanced IM functionality, Flash and IE 6 or newer. You can download it here.

Alternate versions for Mac, Linux and web-based IM are still available, but haven’t been upgraded to match the functionality of their Windows counterpart. 

Do you use AIM? Will you upgrade?

Miranda IM Gets a Twitter Upgrade

The multi-protocol instant messenger Miranda got a whole new gig today. Now you can use Miranda to connect to Twitter, staying up to date on everyone you follow and posting new tweets. Miranda-Twitter is a protocol plugin for Miranda IM v 0.8+. 

Miranda is a free IM program that works with all of the popular IM networks, allowing you to use one program instead of many. With the addition of Twitter support via this plugin, Miranda is edging into the social networking turf that Digsby first ventured into.  Unlike Digsby, the Miranda installer does not encourage you to install any adware programs. 

To share feedback on the Miranda-Twitter plugin, visit this Miranda forum discussion.

Next Page »