[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000a01c6bfe2$d4981a90$02e3e43f@visp.net>
Date: Mon, 14 Aug 2006 13:47:17 -0700
From: "Kameron Gasso" <kgasso-lists@...p.net>
To: "'Geoff Vass'" <geoff@...zow.com.au>, <bugtraq@...urityfocus.com>
Subject: RE: Google Picasa Listening on Port 80?
Geoff Vass <mailto:geoff@...zow.com.au> wrote on Friday, August 11, 2006
5:28 AM:
> I'm using Picasa 2.5 Beta (32.43), and I notice from Sysinternals'
> TCPVIEW app that it is listening on port 80. So I fire up the
> browser, and sure enough, http://localhost returns a blank page. When
> I close Picasa, the browser returns "The page cannot be displayed".
>
> What a great idea, a user-mode graphics application listening on the
> most attacked port!
>
> Picasa 2.2 (28.20) doesn't do this.
>
> Cheers
> Geoff Vass
Hi,
After doing a little digging, the Picasa 2.5 Beta only appears to only bind
to the localhost interface. Outside attack hopefully wouldn't be an issue,
but I can forsee some serious conflicts with other applications running
locally on the user's PC if there's not a simple method of disabling this,
and I'm not seeing an option to disable this in the app itself. Guess
that's why it's a Beta. :)
Thanks,
Kameron Gasso
kgasso@...p.net
Powered by blists - more mailing lists