The war between adobe and apple has been waging for quiet some time now. Even if now its passive, the fact that fact that Adobe defeated Apple defeated, is a clear conclusion with proofs to back it up. In the beginning when Steve jobs wrote his open letter stating that flash was a out dated technology and that it could not be suitable for mobile devices, it was evident that Apple saw Adobe’ flash technology as a threat to its own app ecosystem. After many attempts of using html5 as a backup to beat flash and protect their ecosystem, Adobe flash has proven its worth in the mobile ecosystem. (more…)
Oh! well believe it or not its on the verge of that. After a much appreciated effort from Steve jobs to prove that their devices couldn’t play flash because flash was buggy, the truth has come out rather remarkably… i devices cannot play flash …not today not tomorrow not ever…
What this means:
Remember HTML5 is suppose to be a standard. In the quick near future if HTML5 cannot seriously mature to its expected level.. even 2020 is too quick to bet on that technology. All investments made on HTML5 are going to be wasted if you cannot (more…)
Recently working on a custom player implementaion on ustream.com using their api, i found a huge loophole that i would like to share. Ustream lets you create public/private channels and then broadcast on them using fmle or swf based publisher. Private channels can be password protected, so only people with right password can view it. But here is the catch !! The password based security system is pretty invalid in itself.
While programming on the platform i noticed that the player uses amf protocol to send receive data to server. So here is how you can hack any one’s private channel (password protected).
1. Go to https://addons.mozilla.org/en-US/firefox/addon/1843/ and install firebug extension for firefox.
2. Go to the page which hosts the private channel and open the firebug debug panel. Make sure you have enabled the Net panel.
3. Next without much effort if you see you will notice that, while going through the requests made by the site to ustream, the amf call with the password tagged to it is very clearly visible.
So there you have it both channel id and password for the stream !. Not so protected is it now ? 🙂
Has this method been fixed by ustream? I am not having any luck. I am trying to watch: http://www.ustream.tv/recorded/9438662…
Even as the current market for Adobe Flash soars sky high, we cant forget what Adobe went through a little while back, taking backlash from Apple. Riding on waves of iPhone/iPad success, the company had completely forgotten a very simple thing. “What you throw at others, comes back at you one day.” (more…)