Slashdot Mirror
Spyware Tunnels in on Winamp Flaw
Andy Philips writes "A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software.
"After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download, Almost immediately, Winamp starts to execute the play list and remote code execution begins." Sunbelt's Adam Thomas wrote in a posting. The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected."
I used winamp too - until i found foobar2000
It supports virtually all posible audio codecs, and sound quality is much better
Because there is nothing wrong with fucking up your own computer.
There is nothing wrong with telling people how to fuck up their computers as well.
There is however something wrong if you use these tools to automatically fuck up other peoples computers.
liqbase
For starters, you can go to www.oldversion.com and get winamp 2.95 along with a bunch of other versions. The train wreck that was winamp3 was also mostly corrected when they went to winamp5, and if you see from (http://www.winamp.com/player/free.php) there's a "lite" version that weighs in at 0.85MB, and which supports mp3, wav, ogg, au, midi, cda, aac, etc. Since it doesn't support modern skins, I would suspect that it's probably just a rehash of 2.9x
I don't use the video features of Winamp. They were present in 2.95, but they weren't bloated yet. And I don't think it was a grab at the windows media player headspace. It really seemed like they just tacked it on because it wasn't hard to do. I think it uses the windows renderer and codecs anyway, just without all the crap in WMP.
Anyway, yeah, I still use 2.95 of winamp, just like I still use instant messanger 4.8. I'm open to change; I'm just not going to "upgrade" to a bloated product. What is it with software these days, anyway? Every piece of software tries to be everything to everyone. Ugh.
~Will
sig?
Did they code all their own codecs? Or do they use the standard codecs? Either way, I don't know how which application you use has any bearing on the sound quality. You can't make a badly encoded MP3 sound good.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Well, it's not just Winamp. Seems no one can get this format correct. Even iTunes had a problem http://lists.apple.com/archives/security-announce/ 2005/Jan/msg00000.html although whether it was actually exploitable or not is something else.
The grandparent poster's suggestion was assuming the user had Windows because the discussion is about fucking WINAMP, a WINDOWS program. I'd say anyone using Windows who was sensible would indeed use Firefox (or Opera), as the GP said.
You don't need to jump on every comment that mentions Windows and promote Linux in such a zealous/inflammatory fashion, especially when the comment about Windows was helpful and was promoting OSS like Firefox.
WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
Are there more computers running OS X than there are active copies of WinAMP?
If so, why are there currently no OS X viruses yet when we see an active WinAMP exploit?
Food for thought.
"There is more worth loving than we have strength to love." - Brian Jay Stanley