Uh Oh - Music File Flaws Could Threaten Traders
 

Robert Lemos

A security firm on Wednesday warned that people using Windows XP or popular music player WinAmp could fall prey to a vulnerability, enabling a modified music file to take control of a person's PC.

Flaws in both pieces of software could introduce malicious MP3 or Windows Media files--which sound identical to unmodified music--into the file-swapping systems, said George Kurtz, CEO of Foundstone.

"These particular vulnerabilities are definitely attack vectors for any people or entity that is looking to go after those that are taking part in file-swapping activities," he said.
http://news.com.com/2100-1001-978403.html

- js.

Thanks for the heads up, Jack! :tu:

If you use WinAmp, better upgrade it to the latest 3.0C version from their site.

- tg ;)

Not only sad but dirty lowdown
 

I love my old, decrepit winamp.

I hate to change it.

:m:

Postscript: i'll have to check back for the lite and standard versions.

763 thread posters & 26922 viewers can´t be wrong

winamp 3.0 = not sooo good.


theflaco

me too. :(

- js.

just reading through the bitchiing threads and
 

am really surprised at the hostility between the users and the moderators :S

I really think these peeps have a legimate bitch although many of the rants could have been more mildly phrased - the point is, many are very unhappy with 3.0. I can understand why.

Whether the program is free or not, Winamp developers, if wise, should highlight the particulars of legitimate bitches and use it fine tune the program (which i believe they are since a lite and standard version are on the way).

One particular rant comes to mind..........<won't c&p it for obvious reasons> where the ranter says many users thought 3.0 would be an upgraded (improved) version of 2.8. Instead, they get a totally different playa loaded with bloated processes and pretty pictures.

Don't know about most of you guys here - I tried the 3.0 betas and found it intolerable. I didn't bitch about it on the forums but I tell ya, my puter sure heard a wealth of interesting cuss-word combinations.

There's a place for bloat (for instance, sometimes I like to load my MMJB Plus and WMP <X-tra large w/a twist) but for everyday use, nothing beats winamp 2.8 for great on-the-fly listening pleasure.

It's a crying shame that in order to prevent a malicious mp3 file from going Rambo on your box, you have to install 3.0!

Since (according to that board) they're still working with 2.8, they'll come up with a fix for it and not neglect the tried and true.

<sigh>

GR, thanking her lucky stars the moderators here aren't so crabby and hostile.

:tu:

im keeping my 2.8, if my computer blows up so be it

I hated 3.0 and went back and got 2.81...

Malk mentions here that the 3.0 and the latest 2.8 build fixed this hole. Anyone know offhand if 2.81 (d/l'd about 2 months ago) is considered to be a safe version?

Don't tell me this is the minibrowser bug from a while ago.

I went to the winamp site and found no indication of this problem anywhere.

I downloaded the 2.81 executable anyways, and comparing it to the old one I found out that the new one is 28 bytes bigger, but I'm not sure that's indication of anything. It looks like they are both the same executable.

So, there's anyone that has certified info about all this mess?

Where's the horse's mouth when you need it?



:S:

from the Breaking News section of the WinAmp forums here

2.81 has been rebuilt with the fix. Download it from http://classic.winamp.com/download/

Winamp...PWAHAHA!!!

Thanks
 

Tanks to daddydirt for the links.

There are other people there as confused as I was. It looks like Nullsoft is neither happy with this flaw nor with the cold reception of Winamp 3, so is going the hush-hush route about all this.

Oh well, is always hard to compete against MS and Real.

When I reinstall 2.81 I'm gonna be checking the replacement of "in_mp3" that now should show: "Nullsoft MPEG Audio Decoder 2.81b", according to one of the posters in Nullsoft's forum.

Winamp (2.80s) is one of the last few things in the net where simplicity and beauty in execution go hand to hand, so keep your executables secure and handy, because the future looks ugly.



:S:

Re: Thanks
 

that's so true spstn.

- js.