How are you blocking it?
From: Sherry Abercrombie [mailto:[email protected]] Sent: Friday, February 06, 2009 10:49 AM To: NT System Admin Issues Subject: Re: OT: Warning (watching live video on CNN requires you to install a P2P client) Thanks Peter. This is getting blocked at our office right now. On Fri, Feb 6, 2009 at 9:32 AM, Peter van Houten <[email protected]<mailto:[email protected]>> wrote: Heads up for those not subscribed to Patch Management (link may wrap): ------------------------------------------------------ On the 05/02/2009 23:49, Brandon Pearson wrote the following: [Moderator's note: Off-topic for discussion, but FYI. We can discuss more when it has a security hole and we need to patch it. :) Also fair disclosure, I'm mentioned in the article. - Ryan] The article is long, but here is the main concept: "Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers." This bothers me. Even if all it is used for is to share the feed out to other users, there's still the issue of bandwidth overhead to deal with. But more concerning is that it might introduce a backdoor into a secure network. As mentioned in the article: "Any Web site you visit that is "Octoshape aware" can invoke the application. If a security vulnerability is discovered in the Octoshape software, hackers could exploit the weakness." http://windowssecrets.com/2009/02/05/01-Watch-a-live-video-share-your-PC -with-CNN > We have already found several systems on our network that have this installed and are taking steps to remove it from the systems now but this could be something you might want to check into on your own networks. --- When posting or replying to messages on this list, please send all emails in plain text format. HTML formatted messages will not be accepted. PatchManagement.org is hosted by Shavlik Technologies To unsubscribe send a blank email to [email protected]<mailto:[email protected]> If you are unable to unsubscribe via this email address, please email [email protected]<mailto:[email protected]> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
