lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000a01c6bfe2$d4981a90$02e3e43f@visp.net>
Date: Mon, 14 Aug 2006 13:47:17 -0700
From: "Kameron Gasso" <kgasso-lists@...p.net>
To: "'Geoff Vass'" <geoff@...zow.com.au>, <bugtraq@...urityfocus.com>
Subject: RE: Google Picasa Listening on Port 80?

Geoff Vass <mailto:geoff@...zow.com.au> wrote on Friday, August 11, 2006
5:28 AM:

> I'm using Picasa 2.5 Beta (32.43), and I notice from Sysinternals'
> TCPVIEW app that it is listening on port 80. So I fire up the
> browser, and sure enough, http://localhost returns a blank page. When
> I close Picasa, the browser returns "The page cannot be displayed".  
> 
> What a great idea, a user-mode graphics application listening on the
> most attacked port! 
> 
> Picasa 2.2 (28.20) doesn't do this.
> 
> Cheers
> Geoff Vass

Hi,

After doing a little digging, the Picasa 2.5 Beta only appears to only bind
to the localhost interface.  Outside attack hopefully wouldn't be an issue,
but I can forsee some serious conflicts with other applications running
locally on the user's PC if there's not a simple method of disabling this,
and I'm not seeing an option to disable this in the app itself.  Guess
that's why it's a Beta. :)

Thanks,

Kameron Gasso
kgasso@...p.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ