Real Media attacks real people via RealPlayer Hackers have rooted into a server owned by internet advertising network 24/7 Real Media and used it to serve malware-laced banner ads that tried to circumvent security mechanisms on end users' machines, Symantec researchers said. The malware exploited a previously unknown vulnerability in Real Player that was patched on Friday …
This news item comes as no surprise to me.
I have long avoided all Real Media software and - patched or unpatched - would never let Real Player near my machine, mainly because it is hopelessly buggy and inherently insecure (see El Reg passim) but also because it constantly tries to phone home and spy on me.
Worryingly, the BBC's 'Listen Again' feature still requires users to download RP. As a licence payer, I strongly object to the Beeb pimping a flawed and insecure proprietary programme. It's not as if they warned users of the potential risk or offered security advice.
Internet security is virtually a contradiction in terms nowadays, of course. But that still doesn't absolve public service providers from their responsibility to help safeguard users wherever possible. As far as I am concerned, advocating Real Media's products is an obvious dereliction of that duty of care.
They have already disgusted me once with their Big Brother tactics and pushy adware tendancies.
I won't be installing that tripe again. I don't care how "good" it has become, or that this issue is independant of their will. RealMedia has proven itself to be run by crooks, and once a crook, always crooked in my book.
As far as I'm concerned, RealMedia can shrivel up and die.
And also: fixed my system by uninstalling realplayer. Pity that some sites still require it for their vids and that streaming video on windows media player is so buggy (at least in my experience).
I guess some people will think I deserve the PH icon just for saying that I hope all vids should be flash vids from now on. Most sites that use WMP or Real have let me down sooner or later. All those flash web2.0 thingies do work at least. And so far I did not have to upgrade flash each day.
Okay, Real Networks, Real Media and RealPlayer aside, who actually wants to look at ads all day as they surf the web anyway?
Seeing just a few people actually admit to it begs my next question: why are people not blocking it - all of it?
Ask your friend who knows a little about computers if you do not - and get into a real browser with plugins to block JavaScript, ads, iframes, and pop-up windows... if your favourite website uses those things, at least you can get to the meat and potatoes more quickly, and (so it seems) have fewer intrusions into your already cluttered computing life. Play safe.
"An IFrame contained in the tainted ads pointed to malicious code hosted on a server located in the Netherlands that has a history of attacking honeypot machines maintained by Symantec."
A glaringly obvious question: Why have the legal authorities in the Netherlands not arrested that server's operator?
Oh, wait, it's neither the UK nor the US, and he's not providing links to copyrighted shite, so the plods can't be buggered to get off their arses, can they?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
