Comments on: RealPlayer 'Zero Day FIX' Hits the Web

By: CopiaTECH SMB Security

CopiaTECH SMB Security — Mon, 22 Oct 2007 19:44:02 +0000

I am not sure a lot of people understand how much companies like McAfee, Symantec and more work together along with the rest of the software community to “shore-up” security everywhere. I try my best to educate customers on how everyone really tries to work together and sometimes in the solution can be so risk, but there is no real avoiding it.

Vulnerability reporting is like a flu shot, there is some of the bug in the cure!

Michael Rowles
CopiaTECH SMB Security

By: Craig Schmugar

Craig Schmugar — Mon, 22 Oct 2007 18:21:45 +0000

Re: you write that as though you truly believe Real responded to your blog posting.

Nope. ‘In less than 24 hours’ was referring to the time they seemingly became aware of this particular case, and had nothing to do with our blog post.

As far as Real having prior knowledge of the vuln, that’s possible. I suspect that was not the case, but there are probably only a handful of people who’d know for sure. Even if they had prior knowledge, a 24 hour turn-around from the time the incident went public to a patch being available is relatively quick. Though we don’t know if the fix was sitting in a queue waiting for someone to press a button, I’ll give the benefit of the doubt against that scenario.

By: Peter James

Peter James — Mon, 22 Oct 2007 00:12:00 +0000

“Earlier today we posted a blog entry: RealPlayer Zero Day Exploit Hits the Web. Well RealPlayer responded RealQuick. In less than 24 hours they managed to ship a patch.”

- you write that as though you truly believe Real responded to your blog posting. What makes you think they haven’t known about the vulnerability for days, weeks or even months? Who are you guys trying to fool – yourselves?