Thanks Peter. This is getting blocked at our office right now. On Fri, Feb 6, 2009 at 9:32 AM, Peter van Houten <[email protected]> wrote:
> Heads up for those not subscribed to Patch Management > (link may wrap): > ------------------------------------------------------ > > On the 05/02/2009 23:49, Brandon Pearson wrote the following: > >> [Moderator's note: Off-topic for discussion, but FYI. We can discuss more >> when it >> has a security hole and we need to patch it. :) Also fair disclosure, I'm >> mentioned in the article. - Ryan] >> >> The article is long, but here is the main concept: >> >> "Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) >> application that uses your Internet bandwidth rather than CNN's to send >> live video to other viewers." >> >> This bothers me. Even if all it is used for is to share the feed out to >> other users, there's still the issue of bandwidth overhead to deal with. >> But more concerning is that it might introduce a backdoor into a secure >> network. As mentioned in the article: >> >> "Any Web site you visit that is "Octoshape aware" can invoke the >> application. If a security vulnerability is discovered in the Octoshape >> software, hackers could exploit the weakness." >> >> http://windowssecrets.com/2009/02/05/01-Watch-a-live-video-share-your-PC >> -with-CNN > >> We have already found several systems on our network that have this >> installed and are taking steps to remove it from the systems now but >> this could be something you might want to check into on your own >> networks. >> >> --- >> When posting or replying to messages on this list, please send all >> emails in plain text format. HTML formatted messages will not be >> accepted. >> >> PatchManagement.org is hosted by Shavlik Technologies >> >> To unsubscribe send a blank email to >> [email protected] >> If you are unable to unsubscribe via this email address, please email >> [email protected] >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
