Hi there, following the thread about insecure online updates of MacOS-X, how about the online update of the Quicktime 6 player? It seems to connect the same way, only making a simple GET request without https or similar ways. The reply is simple xml structure with embedded downloadlinks and checksums. If I would get that far to make my own reply I could for shure make my own download links and checksums. A sample reply is attached. Isn't the quicktime using community a much bigger target than MacOS-X users? bye, -- Think-Safety www.security-gui.de
This archive was generated by hypermail 2b30 : Tue Jul 16 2002 - 09:45:57 PDT