funsec mailing list archives

RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 15 Nov 2005 21:43:14 -0500

1).  Yes

2).  Don't know 

-----Original Message-----
From: Aditya Deshmukh [mailto:aditya.deshmukh () online gateway strangled net] 
Sent: Tuesday, November 15, 2005 9:27 PM
To: 'Richard M. Smith'; funsec () linuxbox org
Subject: RE: [funsec] Sony's Web-Based Uninstaller Opens a Big Security
Hole;Sony to Recall Discs

CodeSupport remains on your system after you leave Sony's site, and it 
is marked as safe for scripting, so any web page can ask CodeSupport 
to do things. One thing CodeSupport can be told to do is download and 
install

code

from an Internet site. Unfortunately, CodeSupport doesn't verify that 
the downloaded code actually came from Sony or First4Internet.


Does deleting codesupport from "downloaded program files" ie the actvix
cache folder solve this problem ?

Also does someone has its CLASSID so it can be added to the block list ?


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Aditya Deshmukh (Nov 15)
  - RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Richard M. Smith (Nov 15)
- <Possible follow-ups>
- RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Hubbard, Dan (Nov 16)
  - RE: Sony's Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs Matt Jonkman (Nov 16)