Real Player, better than cookies
Results 1 to 10 of 10

Thread: Real Player, better than cookies

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    Media Player, better than cookies

    came accross this posted here:
    http://cpc-net.org/cpc/main/article.php?sid=145

    thought this might interest ppl here

    New privacy-enhancing controls in Microsoft's Internet Explorer 6.0 can be rendered useless by a long-known security flaw in Windows Media Player, a noted security expert said Tuesday.

    This week, computer privacy and security consultant Richard Smith warned that a unique ID created under default settings for the Windows Media Player provides a simple override for those measures. The flaw allows a malicious Web site to create what he described as a "supercookie" capable of tracking people using any version of Internet Explorer and Netscape Navigator, regardless of the privacy settings they choose.

    "Using simple JavaScript code on a Web page, a Web site can grab the unique ID number of the Windows Media Player belonging to a Web site visitor," Smith said. "This ID number can then be used just like a cookie by Web sites to track a user's travels around the Web."

    Although Microsoft has provided a fix to the flaw, Smith said the solution does not go far enough.
    "There are many people who have never run Windows Media Player, yet they are still vulnerable to the problem," he said.

    In Windows Media Player versions 6.4 and 7.1, people can turn off the option "Allow Internet Sites to uniquely identify your player" in their settings to stop potential tracking by creating a different number for each IE session. In addition, they can uninstall Windows Media Player or turn off JavaScript.

    Smith, however, said many people may not make the connection that they need to tweak Windows Media Player, a free product that is distributed with most copies of the Windows operating system, to fix a privacy leak in IE.

    In the past several months, for example, more than half a dozen security problems have been found with the latest version of Internet Explorer. Most recently, a security researcher revealed a bug in IE 6 that could let an attacker send an HTML e-mail, which in turn could steal cookies, allow access to files, or direct the victim to a false Web site.

    All of the flaws drive a truck through Microsoft's efforts to promote privacy.

    "The real issue is, here you have Microsoft spending time and money on promoting how wonderful P3P is, and there is a simple workaround," Smith said. "If Web sites get annoyed by too many people turning off cookies or using P3P, they can use supercookies instead, bypassing decisions users have made. It potentially becomes a game of spy vs. spy."

    By Stefanie Olsen - News.com
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    Hello tedob1, Im not sure if I was the only one to notice this but you named this article after Real Player even though it is referring to Windows Media Player. Other than this small mistake, great article. Another reason I gave up on Microsoft products. Use winamp, or real player, or Opera. Try something different, just because MS made it doesnt mean it is the only option.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19
    Share on Google+

  3. #3
    Banned
    Join Date
    Dec 2001
    Posts
    400
    Quote:
    "Guess What. I'm BACK!!!!!!!! "


    Good to see you back Preacher.

    Hmmmm I believe I saw a thread posted yesterday about the possible buffer overflow exploit in windows media player. The poster ( I think it was KOBBRAS) said that no-one has found a way to utilise it however. Anyone else have any more details?
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Thumbs up

    Im glad someone is glad I'm back, anyway thanks Antihaxor.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19
    Share on Google+

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    Nice post!! amma gonna go d/l my patch now..

    BTW.. we REALLY need to implement computer security in our day to day lives and not only in our lives in to da lives of da ppl we know to.. as far as i go.. i bug ppl i know who has puters and is on da net to d/l dem patches and get a firewall and i burn em a copy of my AV and give it to dem and tell them to d/l the Updates every 2 weeks..
    Share on Google+

  6. #6
    Junior Member
    Join Date
    Jan 2002
    Posts
    11

    Real Player

    Thanks for the post. I just turned that "Allow Internet Sites to uniquely identify your player" feature off. Here is an older article from www.grc.com that discusses similiar issues with Real Player. http://grc.com/downloaders.htm
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Ya know... i've heard alot of people bad mouth steve gibson, but i think he fu##en rules!
    Thanks phreephallin for giving me the chance to read that.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Share on Google+

  8. #8

    Post

    A program i found usefull was bigfix it will tell you when new patches are out and you can download them right away from that program it,s a browser type interface and free to download sits in system tray for download or more info on this program goto www.bigfix.com
    Share on Google+

  9. #9
    Member deByte's Avatar
    Join Date
    Jan 2002
    Posts
    82

    Thumbs up

    good. this is one patch worth fixing. even tho i dont use the media player...

    rgds
    de
    Share on Google+

  10. #10
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193

    Unhappy

    thx Tedob1 and phreephallin, I turned off the wmp setting and choked dd. good posts.
    Trappedagainbyperfectlogic.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •