[funsec] Caught in a (Real) Security Bind

Rob Thompson my.security.lists at gmail.com
Fri Feb 1 21:40:09 CST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Ferguson wrote:
| Via eWeek.
|
| [snip]
|
| RealNetworks finds itself at the mercy of an exploit writer who refuses to
| share details of a gaping hole in the widely deployed RealPlayer software.
|
| More than a month ago, on Dec. 16, 2007, a Russian security research firm
| released an exploit for a zero-day vulnerability in RealNetworks'

Maybe I'm naive...

How hard would it be for RealNetworks, to purchase a copy of the
software that has the exploit, reverse engineer it and then fix their
program?

It screams to me to make sense this way...am I missing something here?

<snip>

- --
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)

iEYEARECAAYFAkej5hYACgkQcfN68iZZIcdmAACfRXgs1WJ0utAbFmB3sadBsgVw
JE4AoJHAbJaSfKiveoybGRSZN6eqdf5B
=Rl3Z
-----END PGP SIGNATURE-----


More information about the funsec mailing list