[opensource-dev] FAQ posted for Third Party Viewer Policy

Tigro Spottystripes tigrospottystripes at gmail.com
Sun Feb 28 20:02:38 PST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So, all that the scriptkiddies out there need to do to evade the all
mighty Gemini CDS malicious client user detection system is to not have
Quicktime installed? And LL is letting all their users run around with
their machines open to attack by anyone? That doesn't sound plausible at
all...

On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote:
> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes
> <tigrospottystripes at gmail.com> wrote:
>> hm, i didn't thought he did collect IP addresses, but even if the system
>> does catch IP addresses (which isn't such a big deal if you keep your
>> machine safe) an IP address wouldn't be of any help identifying
>> malicious clients, unless the malicious clients in question routed stuff
>> thru a known proxy.
> 
> Sounds to me like we're talking about a lot more than IP address.
> There have been both remote file system reading and arbitrary code
> execution vulnerabilities in Quicktime in the past.
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuLPFsACgkQ8ZFfSrFHsmUq9wCePU6qZ/B/9jnj2LiKp6eFu4/U
fOEAnjyVKfKPB0S0BoJWo6t/pLCEGCnw
=v4/s
-----END PGP SIGNATURE-----


More information about the opensource-dev mailing list