Heads up for those not subscribed to Patch Management (link may wrap): ------------------------------------------------------
On the 05/02/2009 23:49, Brandon Pearson wrote the following:
[Moderator's note: Off-topic for discussion, but FYI. We can discuss more when it has a security hole and we need to patch it. :) Also fair disclosure, I'm mentioned in the article. - Ryan] The article is long, but here is the main concept: "Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers." This bothers me. Even if all it is used for is to share the feed out to other users, there's still the issue of bandwidth overhead to deal with. But more concerning is that it might introduce a backdoor into a secure network. As mentioned in the article: "Any Web site you visit that is "Octoshape aware" can invoke the application. If a security vulnerability is discovered in the Octoshape software, hackers could exploit the weakness." http://windowssecrets.com/2009/02/05/01-Watch-a-live-video-share-your-PC -with-CNN > We have already found several systems on our network that have this installed and are taking steps to remove it from the systems now but this could be something you might want to check into on your own networks. --- When posting or replying to messages on this list, please send all emails in plain text format. HTML formatted messages will not be accepted. PatchManagement.org is hosted by Shavlik Technologies To unsubscribe send a blank email to [email protected] If you are unable to unsubscribe via this email address, please email [email protected]
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
