Olympic flash of gold for Microsoft
By Davey Winder in Editorial
Posted in Adobe, Internet, Microsoft on
Silverlight has, to be fair, not exactly set the world on fire. Microsoft was obviously hoping it would, and there’s nothing majorly wrong with the Silverlight 2 Beta to prevent it. Other than the market share enjoyed by Adobe Flash of course.
Ay, there’s the rub. And while quoting from Hamlet, I might as well drag out some of the words that follow that, as they seem to apply so well to Microsoft with regards to Silverlight: what dreams may come?
As it turns out, those dreams were in Chinese.
Could it really be that the Beijing Olympics are the Saviour of Silverlight? Well, I’m pretty damn sure the Games of the XXIX Olympiad are not going to do it any harm in the ‘getting the word out’ stakes.
Or more precisely the ‘getting Silverlight installed’ stakes. Whoever managed to pull off the deal with NBC to drive the online video coverage of the Olympics deserves a medal, a big shiny gold one at that. Not that I suspect it took too much negotiating considering how the two have worked so well before. MSNBC ring any bells?
The Silverlight ability to adaptively stream the video data depending upon the available bandwidth, together with certain copy protection promises, seemed to do the trick.
So just how much of a success has the NBC Olympics coverage been for Silverlight? Ah, Microsoft isn’t actually saying. It would appear to be sticking to its standard ‘up to 1.5 million downloads a day’ line that has been spun out since, well, almost forever. At least it seems that way from here.
However, some reports suggest that the real figures are a whole heap of beans higher.
How does 25 million unique visitors for NBCOlympics.com via MSN during the Games so far grab you? Or how about the fact that more than half the visitors in recent days have already got Silverlight installed?
With 22 million videos streamed so far, that’s a pretty impressive showcase for what was looking like a near-miss technology just a few weeks ago…
Chaos Computer Club explodes Adobe PDF security bomb
By Davey Winder in Editorial
Posted in Adobe on
Adobe Reader has been pretty much single-handedly responsible for ensuring PDF has become the de facto portable document publishing format on the web. It could also single-handedly allow a universal cross-site scripting (XSS) exploit to compromise your website and your business. How serious is this particular vulnerability? Well, how serious does the fact that any site hosting a .pdf file could be at risk from attack sound?
As Stefano Di Paola and Giorgio Fedon revealed at the Chaos Computer Club in Berlin, the open parameters feature of the Adobe Reader browser plug-in allows for the arbitrary execution of JavaScript code on the client side, and that code could easily come with malicious intent. Indeed, Symantec has gone as far as stating in its security response blog that the “ease in which this weakness can be exploited is breathtaking” and they are not wrong. In the past such XSS attacks have had to rely upon a server-side flaw, but this is client-side and a hugely popular client-side application at that. It changes the rules of engagement, and changes the threat landscape.
Other than upgrading to Adobe Reader 8 while waiting for Adobe to hit the patch distribution trail, it would seem the only other mitigating solution might be to force such files to open in the full Acrobat client and not the Reader browser plug-in by removing the Adobe Reader filetype associations for your browser. Assuming, that is, your browser is Firefox or a version of IE before 7 as only these clients are thought to be at risk. I’d recommend disabling the Reader plug-in and making sure JavaScript filtering at the IDS or firewall is implemented on your network.