Cycling and bicycle discussion forums. 
   Click here to join our community Log in to access your Control Panel  


Go Back   > >

Foo Off-Topic chit chat with no general subject.

User Tag List

Reply
 
Thread Tools Search this Thread
Old 02-02-06, 11:36 AM   #1
mechBgon
Senior Member
Thread Starter
 
mechBgon's Avatar
 
Join Date: Jul 2002
Bikes:
Posts: 6,957
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
WinAmp users: update your WinAmp.

The bad guys have discovered a nifty exploit for WinAmp. You can get the fixed 5.13 version from http://www.winamp.com/player/

From McAfee's writeup of the vulnerability:

Quote:
This detection covers a 0-day exploit targeting WinAmp 5.12 that allows remote code execution via a specially crafted play list (.pls) file. Such exploit files could be executed with little user intervention (such as visiting a website that hosted malicious files), and the end result could be the silent installation of any number of viruses, trojans, and potentially unwanted programs.
mechBgon is offline   Reply With Quote
Old 02-02-06, 12:10 PM   #2
free_pizza
later
 
free_pizza's Avatar
 
Join Date: Sep 2004
Bikes:
Posts: 2,471
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
winamp stinks IMO. iTunes all the way
free_pizza is offline   Reply With Quote
Old 02-02-06, 12:35 PM   #3
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
Posts: 3,924
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
ITunes is HORRIBLE IMO....WinAmp all the way!!!

Thanks for the heads up....I'm updated!
__________________
Quote:
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline   Reply With Quote
Old 02-02-06, 01:39 PM   #4
bmxking
you wont.
 
Join Date: Feb 2006
Location: ohio
Bikes: premium
Posts: 2
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
good job!
bmxking is offline   Reply With Quote
Old 02-02-06, 07:10 PM   #5
iamlucky13
Footballus vita est
 
iamlucky13's Avatar
 
Join Date: Jun 2002
Location: Portland, OR
Bikes: Trek 4500, Kona Dawg
Posts: 2,118
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
__________________
"The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad
iamlucky13 is offline   Reply With Quote
Old 02-02-06, 09:31 PM   #6
mechBgon
Senior Member
Thread Starter
 
mechBgon's Avatar
 
Join Date: Jul 2002
Bikes:
Posts: 6,957
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by iamlucky13
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
I hope you're right about 2.93 not having the vulnerability Here is Sunbelt's Blog writeup of an instance of WinAmp exploit that's being used to infect systems with both SpySheriff and a CWS variant

http://sunbeltblog.blogspot.com/2006...953448796.html

Screenshots included, for the eyecandy-oriented folks.
mechBgon is offline   Reply With Quote
Old 02-03-06, 06:34 AM   #7
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
Posts: 3,924
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by iamlucky13
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
Everybody "said" that when WinAmp 5 was coming out.....but I switched over and don't notice any significant bloat over the old 2.x versions.
__________________
Quote:
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline   Reply With Quote
Old 02-03-06, 07:53 PM   #8
iamlucky13
Footballus vita est
 
iamlucky13's Avatar
 
Join Date: Jun 2002
Location: Portland, OR
Bikes: Trek 4500, Kona Dawg
Posts: 2,118
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Thanks for the link. Given the method it attacks (buffer overrun in the playlist) there actually is a pretty good chance that mine is vulnerable. I'll just have to be careful where I stream music from. CWS is one of the really annoying adware programs.

The installer for winamp 2.x is 1.87 MB. The installer for winamp 5.13 is listed by CNET as 5.27 MB (2.8 times the size). I know there's more features, but I'm happy as is and I don't have as much RAM as I'd like anyway.
__________________
"The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad
iamlucky13 is offline   Reply With Quote
Old 02-03-06, 08:39 PM   #9
TexasGuy
That darn Yankee
 
TexasGuy's Avatar
 
Join Date: Jun 2005
Location: West West Fort Worth
Bikes: Mongoose XR-100, Eros Bianchi
Posts: 4,286
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
WMP For the win I remmeber back when I used to use winamp.
__________________
Life is about hanging onto what you think is important and finding out what really is important.
"Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
So many sayings, so little sig space.
TexasGuy is offline   Reply With Quote
Old 02-03-06, 08:43 PM   #10
Totoro
King of the Forest
 
Totoro's Avatar
 
Join Date: Mar 2005
Bikes:
Posts: 779
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 4 Post(s)
Quote:
Originally Posted by free_pizza
winamp stinks IMO. iTunes all the way
I'm with you. WimpAmp has too many security holes and allows too much spyware to get installed on client computers. Itunes is fantastic!!!!!!!!!
Totoro is offline   Reply With Quote
Old 02-03-06, 08:43 PM   #11
TexasGuy
That darn Yankee
 
TexasGuy's Avatar
 
Join Date: Jun 2005
Location: West West Fort Worth
Bikes: Mongoose XR-100, Eros Bianchi
Posts: 4,286
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Winamp? spyware? wth
Don't run your computer as an administrator and you don't have to worry about 97% of spyware being installed.
__________________
Life is about hanging onto what you think is important and finding out what really is important.
"Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
So many sayings, so little sig space.
TexasGuy is offline   Reply With Quote
Old 02-03-06, 08:52 PM   #12
explody pup
Guest
 
Bikes:
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
Quoted: Post(s)
I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?
  Reply With Quote
Old 02-03-06, 08:53 PM   #13
TexasGuy
That darn Yankee
 
TexasGuy's Avatar
 
Join Date: Jun 2005
Location: West West Fort Worth
Bikes: Mongoose XR-100, Eros Bianchi
Posts: 4,286
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by explody pup
I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?
From what i read, the danger would come from listening to playlists from streamed radio stations.
__________________
Life is about hanging onto what you think is important and finding out what really is important.
"Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
So many sayings, so little sig space.
TexasGuy is offline   Reply With Quote
Old 02-03-06, 08:55 PM   #14
explody pup
Guest
 
Bikes:
Posts: n/a
Mentioned: Post(s)
Tagged: Thread(s)
Quoted: Post(s)
Quote:
Originally Posted by TexasGuy
From what i read, the danger would come from listening to playlists from streamed radio stations.
Oh. Well I guess I'm safe, then. I probably should update. I'm just lazy.
  Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -6. The time now is 10:00 PM.