How does who-has-blocked-me-on-msn sites work? - msn

I understand that this isn't actually possible. So... what do the do? Can a program retrive a list of msn contacts using a valid user/password?

I think there is/was a vulnerability in the MSN protocol that would allow the client to check if it was blocked. Its not fetching the user list of the blocked person. Not sure of the details, but its something along the lines of:
for every one of my contacts
try to send message
if server return status == blocked
return true

What they used to do was exploit the fact that you had to define who you had blocked on MSN for you not to be able to see their status. Then, they issued and update so that only users you allow can see your update. Previously, they'd simply try and IM the user and see if they were online.
Using the MSNPX protocol, yes. See www.hypothetic.org/docs/msn/

Related

Microsoft Teams bots can only update the last two posts in a conversation. Is that by design?

Summary
I am using the Bot Framework REST API to create and update Microsoft Teams posts.
I have found that I can only update the last two posts of a conversation, but cannot find documentation that describes this restriction.
It is not possible to identify the failed updates from the API response, as the HTTP response code and body is always the same, regardless of whether the update works or not (200 with the id of the "updated" activity). I would expect the response to indicate the failure, and so this appears to be a Teams bug.
Detail
I can create conversations and create replies to conversations using the Bot Framework REST API without issue (using the create conversation and send to conversation endpoints). My problem arises if I try to update these messages.
Given a conversation that looks like this:
parent_message
|_ child_message_1
|_ child_message_2
|_ child_message_3
If I attempt to use the update activty endpoint to update each one of these messages, I observe that:
I can always update parent_message.
I can update child_message_3 and child_message_2, but not child_message_1. In each case the HTTP response is a successful HTTP response (200 response code, with a JSON body that contains the id of the updated message), regardless of whether the update succeeds or not.
If I add another message, child_message_4, then this will be updatable, but child_message_2 will no longer be updatable. I assume this is because now child_message_2 is no longer one of the last two messages.
I see the same behavior if another user adds messages to the conversation, ie. if a user were to make two posts to the conversation I would no longer be able to update any of my own child messages as they are no longer one of the last two messages.
My questions are:
Does anyone know if this restriction is by design? If so, can you point to some documentation on this?
Is it possible to determine when an update fails? As mentioned, the HTTP response always reports success so I'm unable to find a way to do this. Is this a bug in Teams?
Thanks for reporting this. We are able to repro this at our end and we are tracking it here: MicrosoftDocs/msteams-docs#2011
Please follow this issue for updates/progress/questions.
Updates: This is fixed.
This appears to be a bug, but I think the bug is different from what you think it is. Go ahead and "refresh" the conversation and you should see the updates in effect. If you're using the web app then you can refresh the page, but since you're probably using the desktop or mobile app then you could try switching to another conversation and back, or you might have to sign out and sign in again.

Receiving messages back to my platform

Use Case SMS leaves my platform and goes out to a receiver (SMS). I would like to attach some sort of custom identifier so when the user responds back to the SMS..and my platform received the message..I know how to internally route the response back in my platform.
Any ideas?
Maybe set up a system where when the code is sent out
For instance:
Code - 11832
The user then has to enter this code on your website. A program will then match to see if it's the identical code. So you are then able to log the information
No expert on this though and Where is your code ?
Twilio evangelist here.
There isn't really a great way to attach an identifier to the message itself. You could force the user to prepend/append a code in their reply, but depending on your specific scenario that might not be a great user experience.
Another option is to save the to/from phone number as a unique pair when you send the message. Then as your application receives replies you can check the incoming to/from phone number against what you saved.
Hope that helps.

Replying to certain message in Twilio

I am making an event organisation platform. Whenever user creates an event, the candidate gets an email notification as well as sms notification asking whether the suggested time fits or not. The problem is that since it is event organisation, there may be more than one occurance of candidate's mobile phone. So I need to have some unique information to identify to which event candidate is responding to.
I have tried identify using Message SID, but then I realised that Message SID is different on reply message.
So my question would be: is there any way to authenticate to which message candidate is replying to?
Hi Twilio developer evangelist here.
Because every message is idempotent, you wouldn't be able to track them just via the call sid. however, there's way to get around that such as passing a code that goes with each message which you can then read, or using cookies.
I think you are probably going to be more successful using cookies, and luckily enough there is an article on twilio's website that describes just how to do that. And because I noticed you're using PHP, I'm pointing you directly to the PHP article on tracking SMS conversations.
Hope this helps you

Auto Update Google Chat Status Message

I need to change my gmail chat status message frequently and set it to one of 10 predefined messages every X minutes. How can I do that? There should be a solution for this.
Thanks.
There are a couple of ways to do this. When we did it a couple of years back, we used python with xmpp and tinkered with the code talked about in here http://sathyaphoenix.wordpress.com/2010/08/03/finding-invisible-friends-and-dynamically-updating-your-status-in-google-chat-using-xmpp-scripts-linux-python-ubuntu/
Another link that shows up in google these days that you might want to consider is: http://bluegray.co.za/content/setting-google-talk-status-python-xmpp
All you need to do is set up an authenticated connection with the gmail xmpp server using xmpp python modules and send your custom text as a (Show, Status) Node object.

How do I verify an email address is real and in use using the Sender Policy Framework

From what I've been reading the SPF can be used to validate email addresses by sending commands (rather than an actual email) such as HELO. I've managed to pick up a basic grasp of the policy but I can't get my head around how I'd go about solving the following problem:
I've got a number of email addresses attached to contacts in a CRM system and I'd like to find out if the email addresses are valid and still in use.
Currently we're using a REST Web Service (http://emailinspector.co.uk/) which returns "Ok" (if its ok... duh), "Bad" (if its not valid or not in use) or "Unknown". For Unknown, you are also provided some notes on why it came back with that, i.e. you are told if the Mailbox is full or if its a well known DEA.
I'd like to be able to program a script that can replicate this functionality and from what I've worked out it should use the Sender Policy Framework to do this? The problem is I don't know how I'd go about returning such precise information for "Unknown" email addresses.
Ideas and thoughts?
Actually SPF is just a text record, with some "hints" to let you know if an IP address or mail server is "allowed/Authorized" to send email for that domain. It doesn't tell you anything about an individual email address in that domain..
for example
[doon#qix:~] host -t txt labratsoftware.com
labratsoftware.com descriptive text "v=spf1 a -all"
The SPF record for one of my domains says that only the a record for the domain is authorized to send email for labratsoftware.com, and that if it doesn't come from that IP then it should be rejected (-all).
So the best you can do with SPF is tell that a received email came from an authorized host, and then use that information to help decide if you want to reject it or not.
The best way To test the validity of an email address you have, is to email it, and see if it bounces. You can use options like VERP (http://en.wikipedia.org/wiki/Variable_envelope_return_path) to automate the bounce handling. You can also try and connect to the MX records listed for the domain and try to deliver a message that way. Some Mail servers support verify (But most admins disable this to prevent information leakage). You can use RCPT TO to see if the server accepts it, but even if it does , you have no way of knowing if it will actually make it to their INBOX. My guess is that is what the API you are currently using is doing. And unknown are just ones that either don't answer, greylist, etc.

Resources