Slashdot Mirror


Three Vulnerabilities Discovered in Real Player

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in the popular Real Player. A malicious attacker can execute arbitrary code by offering a corrupted RealAudio stream. Real Networks posted the instructions on dealing with security flaws."

11 of 286 comments

  1. Instructions by DarkHelmet · · Score: 5, Insightful
    Here are some nice instructions on how to deal with Real Player's security flaws:
    1. Click Start, go to Control Panel
    2. Click Add / Remove Programs
    3. Find the program entitled RealPlayer, and uninstall it
    4. Run Adaware to make sure any spyware they might have installed is no longer on your machine
    5. Convince people to use better alternatives

    I still hate RealPlayer. Any sort of file format that requires me to install the company's software to use I will eternally hate, regardless of who it is. I hate Real, and I hate Quicktime. I'd ask that they both die a slow miserable death, but I honestly want them both out of the way so that more open standards will take their place faster.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    1. Re:Instructions by Anonymous Coward · · Score: 5, Funny

      RealPlayer is a program you use when you half to.

      I wouldn't even use it if I third to.

  2. So the exploit would go something like... by Spazholio · · Score: 5, Funny

    "LOLOLOLO!!!!11 j00 h4v3 b33n HAC....buffering.....buffering....buffering...."

    1. Re:So the exploit would go something like... by wik · · Score: 5, Funny

      .... it's a new form of buffer underflow attack.

      --
      / \
      \ / ASCII ribbon campaign for peace
      x
      / \
  3. Shades of MS? by Ignorant+Aardvark · · Score: 5, Funny

    From the Real Player Knowledge Base:

    To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.

  4. I love the disclaimer... by HermesHuang · · Score: 5, Insightful
    Warranty: While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.
    Essentially, we don't guarantee our product works, but you should still pay us for it. Seems to be the philosophy of many software companies...
  5. The thing is... by teamhasnoi · · Score: 5, Funny
    in order to execute the exploits, you first have to click on thirty-seven checkboxes hidden in a Tibetan monastery.

    Then you must send 34 seconds of a certain portion of the movie 'Deliverance' over a period of 22 minutes.

    These two things must be accomplished while repeatedly hitting 'alt-f4' on your keyboard, and screaming, "Damn you Real Player! Damn you to Hell!" like a woman.

    Of course, if you reboot you'll have to start all over again, after a slight delay.

    Um, a longer delay.

    Ok, you get one shot at this, I guess. At least the exploit is consistent with their user interface.

  6. Re:I miss Progressive Networks... by wankledot · · Score: 5, Interesting
    Very well said.

    It's very sad for me to see what's happened to Real. I worked there for over a year recently, and I really wish they could turn things around and move back to what they did well back in the day.

    They need to:
    1) fire the entire marketing team. They're horrible
    2) lose any of the quick-money things they do (ads, tricking people into paying for the Plus player or *pass accounts) and focus on rebuilding a quality user base.
    3) Throw away all the 325 million customer records they have, and stop the spam.
    4) Own up to the fact that most people hate them, and the only users that don't have a problem with Real are the ones that don't know them well enough yet. You can only burn so many users until they come back to burn you.

    The saddest thing is that the people who work there genuinely care. They are really talented, and they all know what they SHOULD be doing in order to succeed. Especially the people that work on the actual player. But things can't change until the word comes down from the top. Rob needs to have an epiphany and turn the ship around fast, otherwise they'll be selling what's left to Sony and AOL.

    --
    My sig is blank, I typed this by hand.
  7. Not on OS X? by ce25254 · · Score: 5, Informative

    It appears from the press release on RealNetworks' site that the vulnerability does not affect the Mac OS X version.

    Hm, once again, nothing to worry about.

  8. Re:Type THAT! by McGarnacle · · Score: 5, Funny

    Anybody out there who can type at 128 kbps?

    Yes, but not without a good deal of ...buffering... going on.

    Every time a Real story shows up on slashdot, I'm tempted to post this. Looks like I couldn't resist!
    --

    I disagree with what you say, but will defend to the death your right to tell such LIES!

  9. "upgrade to the latest" strategy, no real patching by MMHere · · Score: 5, Insightful

    Real's approach has always been to have their latest & "greatest" software running on your PC. ("greatest" software is less well tested).

    So I run RealPlayer8 Basic when I need to. Their fix is to have me replace it with RealPlayer10 Gold? I don't wanna.

    I also don't like having to upgrade to a newer set of local software simply because the "file format" has changed. There aren't that many advances in formats/compression over time, and it seems to me that: new formats are released more frequently than necessary, thus "requiring upgrades" to new readers of said formats.

    (A) Patch the buggy apps you still support; don't make us install new (less well tested) software so often;

    (B) Don't tie the desire to distribute your latest code to [often] unnecessary media format changes.

    "I Sam thee to Dayton! (It's worse than Cleveland.)"