ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Industry watch Toolkit

RealNetworks video flaws unearthed

Bob Sullivan, MSNBC ZDNet.co.uk

Published: 06 Jun 2000 13:43 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

For the second time in six weeks, a group of South American security researchers has discovered a simple method for breaking RealNetworks streaming video servers. Underground Security Systems Research revealed Thursday that a single URL sent at a Real video server causes the system to stop functioning. The company says it will have a fix for the problem soon.

The vulnerability comes on the heels of an announcement by Microsoft that it had patched a flaw in its Windows Media Encoder that could jeopardize streaming media providers that supply real-time broadcasts of streaming media.

Underground Security Systems Research (USSR) researchers in April released a program called 'realdie.exe' that made it easy for attackers to shut down a Real server. It did not allow a computer intruder to gain access to files on the machine. Thursday's flaw attacks a different mechanism but produces the same result. The group has also told MSNBC it plans to release a third attack within the next few weeks.

A company spokesperson confirmed that the flaw announced Thursday was a real problem, but added that the firm was unaware of any cases where a customer has actually been victimized by the attack. She said it exploits a problem with a technology called 'View Source', which allows content and media file information to be displayed in a Web browser -- as opposed to appearing in a stand-alone player.

The security researchers attempted to warn Real about the flaw before it was published on the security mailing list 'Bugtraq', but e-mails sent to support@real.com on May 23 only generated automated responses.

A spokesperson said the messages never reached the company's technical support team, and the firm is studying its procedures. It's not uncommon for companies to generate automatic responses to publicly available e-mail addresses. "Every address on our Web site just gets a lot of e-mail," the spokesperson said.

According to the company, administrators concerned about the flaw can protect their servers by shutting off the 'View Source' option. Instructions for that solution are:

  • Step 1: In RealSystem Administrator, click View Source, then click Source Access.

  • Step 2: In the Master Settings area, select "Disable View Source."

What do you think? Tell the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
37 out of 90 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Industry watch


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

System Architect (Storage, SAN, NAS) - Leicester, Midlands

SAP FI CO Consultant - Manchester.

C# Developer

Featured Talkback

In association with Intel
When all is said, if Microsoft produce the best product people will buy it and thats a good thing. If people have to buy their product because no one else can produce an alternative, only because interoperability protocols are kept secret, then thats a bad thing.

By: pround

Read full story:
EU court crushes Microsoft's antitrust appeal