On 2010-03-01, at 08:49, Lance Corrimal wrote:
> On Monday, 1 March 2010 15:42:00, Argent Stonecutter wrote:
>> On 2010-02-28, at 21:30, Miro wrote:
>>> You might wish to make time to read this (very long) thread, if you
>>> have not already:
>>>
>>> https://blogs.secondlife.com/thread/10467
>>>
>>> Some research has been done into how the device works. Apparently it
>>> exploits a vulnerability in QuickTime to access users' computers and
>>> "mine" information about what software is, or was, installed on
>>> them.
>>
>> I think people are misunderstanding what's going on here.
>>
>> Quicktime doesn't listen on port 80.
>>
>> Parcel video depends on Quicktime. If you uninstall quicktime, parcel
>> video doesn't work.
>>
>> This is almost certainly someone misinterpreting a parcel media
>> request FROM the viewer to port 80 on an external server.
>
> so what?
> set the media url to something that is not an url to a video, but
> the url of a script that exploits something in quicktime to gather
> data about the client requesting that url, and poof you have all
> kind of cans of worms wide open.

That's true, but the evidence so far provided is consistent with them doing no more than stripping IPs out.

> ...and "flash on a prim" isn't going to make the whole grid more
> stable and secure either.

No, I've been arguing that "web on a prim" was a bad idea for some years now. Yes, I'm enjoying the schadenfreude, thank you very much.