funsec mailing list archives

Re: Caught in a (Real) Security Bind

From: Rob Thompson <my.security.lists () gmail com>
Date: Fri, 01 Feb 2008 19:40:09 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Ferguson wrote:
| Via eWeek.
|
| [snip]
|
| RealNetworks finds itself at the mercy of an exploit writer who refuses to
| share details of a gaping hole in the widely deployed RealPlayer software.
|
| More than a month ago, on Dec. 16, 2007, a Russian security research firm
| released an exploit for a zero-day vulnerability in RealNetworks'

Maybe I'm naive...

How hard would it be for RealNetworks, to purchase a copy of the
software that has the exploit, reverse engineer it and then fix their
program?

It screams to me to make sense this way...am I missing something here?

<snip>

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkej5hYACgkQcfN68iZZIcdmAACfRXgs1WJ0utAbFmB3sadBsgVw
JE4AoJHAbJaSfKiveoybGRSZN6eqdf5B
=Rl3Z
-----END PGP SIGNATURE-----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Caught in a (Real) Security Bind Paul Ferguson (Jan 31)
- Re: Caught in a (Real) Security Bind Rob Thompson (Feb 01)