Huffers
April 22nd, 2006, 10:50 PM
I've noticed that videos on CNN.com, eg the one linked to on this page
http://www.cnn.com/2006/US/04/21/nail.gun.ap/index.html
check that Windows Media Player is installed before allowing you to play them.
Assuming it's their intention to exclude non-microsoft solutions (eg totem, mplayer) I'm pretty sure their mechanism for checking the brand of the player is vulnerable to spoofing by unscrupulous hackers.
Also, their site doesn't even check the brand of web browser before sending the html data -- thus allowing people using non-microsoft solutions such as Opera and Firefox access to the site!
I'm wondering about sending them an email warning about these site vulnerabilities, what do people think?
http://www.cnn.com/2006/US/04/21/nail.gun.ap/index.html
check that Windows Media Player is installed before allowing you to play them.
Assuming it's their intention to exclude non-microsoft solutions (eg totem, mplayer) I'm pretty sure their mechanism for checking the brand of the player is vulnerable to spoofing by unscrupulous hackers.
Also, their site doesn't even check the brand of web browser before sending the html data -- thus allowing people using non-microsoft solutions such as Opera and Firefox access to the site!
I'm wondering about sending them an email warning about these site vulnerabilities, what do people think?