Boottoo big realplayer 7
There's, like, nine different things they're trying. Steve: And when I went to their site to see what they had to say about this, there's, like, all this other stuff going on. And I think it's obviously not going so well. Leo: You know, they tried, last year they announced kind of a complete pivot on their business model. Rob Glaser, the founder of RealNetworks, quit a year and a half ago. So they'll fix it when they can, although I think I also just, it flew by my eye on the news a couple days ago, that they've just lost their CEO.
BOOTTOO BIG REALPLAYER 7 UPDATE
The nice thing about Real is that they're not trying to make any claims as to, well, we're only going to update quarterly, so hold onto your seats in the meantime. They have no updates as of the recording of this podcast. And he says: ".and the copying of another arbitrary amount on the same buffer." So, yes, that's about as bad as it could get. And that of course is the way you overflow the heap. Steve: We're only going to allocate a little bit, but we're going to write a lot and just see what we stomp over. Steve: Yeah, probably, ".developed by RealNetwork and used mainly for its browsers' plug-in supporting the proprietary file formats of its developer." And then under the "Bug" category on the Security Focus posting, he wrote: "Classical heap buffer overflow during the handling of the IVR files caused by the allocation of a certain amount of data (frame size) decided by the attacker." And you never want to have your allocations decided by the attacker. Apparently the person who found the problem described it, saying: "RealPlayer is an ugly media player." I don't know if he didn't like the UI, or if he just meant ugly from a hacker standpoint or from, like, an internal workings standpoint. So anyway, on the Security Focus website I kind of got a kick out of this. Leo: Oh, I hate that, when you go to a site, and you have to use RealPlayer to play back the video or audio? And somewhere I tried to go, like C-SPAN or something, they still make you use Real. But I think there is some penetration, for example, in the corporate world. I don't have any real sense, either, for how many people are still using RealPlayer. Now there's another one, a heap buffer overflow. We last did about a month ago, they had a security fix in early February. There was, I just - I don't know why I feel compelled to mention when RealPlayer has problems. And not an overabundance of security news this week. We've got a couple of bonuses at the end. We've got 10 questions and a couple, some of them are sort of short things so as I was running through things, there were some little tasty tidbits that I just couldn't resist throwing in. Well, we share your interest, so that's why we're glad you're here. I just, I really, really am interested in this stuff. Steve: Well, and it comes from my passion. And so I like somebody like you who really has a broad-brush understanding of this. This is how stuff works, how crypto works.
BOOTTOO BIG REALPLAYER 7 HOW TO
So this show is more than just how to lock your browser. Leo: Yeah, well, it's true, I mean, I have to say, if you're going to do a security show, there are lots of security experts, but there are very few with the breadth and depth that you have. It's time for Security Now!, the show that helps you stay safe online with the man, the myth, the legend, Mr. Leo Laporte: This is Security Now! with Steve Gibson, Episode 294, recorded March 30, 2011: Your questions, Steve's answers, #114. Quarter size (16 kbps) mp3 audio file URL: High quality (64 kbps) mp3 audio file URL: They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. Description: Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes.