Am Montag, 1. März 2010 15:42:00 schrieb Argent Stonecutter: > On 2010-02-28, at 21:30, Miro wrote: > > You might wish to make time to read this (very long) thread, if you > > have > > not already: > > > > https://blogs.secondlife.com/thread/10467 > > > > Some research has been done into how the device works. Apparently it > > exploits a vulnerability in QuickTime to access users' computers and > > "mine" information about what software is, or was, installed on them. > > I think people are misunderstanding what's going on here. > > Quicktime doesn't listen on port 80. > > Parcel video depends on Quicktime. If you uninstall quicktime, parcel > video doesn't work. > > This is almost certainly someone misinterpreting a parcel media > request FROM the viewer to port 80 on an external server.
so what? set the media url to something that is not an url to a video, but the url of a script that exploits something in quicktime to gather data about the client requesting that url, and poof you have all kind of cans of worms wide open. ...and "flash on a prim" isn't going to make the whole grid more stable and secure either. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
