[opensource-dev] FAQ posted for Third Party Viewer Policy

Lance Corrimal Lance.Corrimal at eregion.de
Mon Mar 1 06:49:36 PST 2010


On Monday, 1 March 2010 15:42:00, Argent Stonecutter wrote:
> On 2010-02-28, at 21:30, Miro wrote:
> > You might wish to make time to read this (very long) thread, if you have
> > not already:
> >
> > https://blogs.secondlife.com/thread/10467
> >
> > Some research has been done into how the device works. Apparently it
> > exploits a vulnerability in QuickTime to access users' computers and
> > "mine" information about what software is, or was, installed on them.
> 
> I think people are misunderstanding what's going on here.
> 
> Quicktime doesn't listen on port 80.
> 
> Parcel video depends on Quicktime. If you uninstall quicktime, parcel
> video doesn't work.
> 
> This is almost certainly someone misinterpreting a parcel media
> request FROM the viewer to port 80 on an external server.

so what?
set the media URL to something that is not a URL to a video, but the URL of a 
script that exploits something in quicktime to gather data about the client 
requesting that URL, and poof you have all kinds of cans of worms wide open.


...and "flash on a prim" isn't going to make the whole grid more stable and 
secure either.


