Apple INC: Falling apart !!

Apple Stocks Financial firms all over the

world confirm that Apple (NASDAQ:AAPL), has lately been showing a retarded growth. It already seems that Apple stocks are on a 7-month low and still falling. (more…)

Hacking Private Channels Of Ustream

Recently working on a custom player implementaion on ustream.com using their api, i found a huge loophole that i would like to share.  Ustream lets you create public/private channels and then broadcast on them using fmle or swf based publisher. Private channels can be password protected, so only people with right password can view it. But here is the catch !! The password based security system is pretty invalid in itself.

While programming on the platform i noticed that the player uses amf protocol to send receive data to server.  So here is how you can hack any one’s private channel (password protected).

1.  Go to https://addons.mozilla.org/en-US/firefox/addon/1843/ and install firebug extension for firefox.

2.  Go to the page which hosts the private channel and open the firebug debug panel. Make sure you have enabled the Net panel.

Firebug NetPanel

3.  Next without much effort if you see you will notice that, while going through the requests made by the site to ustream, the amf call with the password tagged to it is very clearly visible.

Password Reveal

So there you have it both channel id and password for the stream !. Not so protected is it now ? 🙂

last comments
Mike Loftus
Mike Loftus

Has this method been fixed by ustream? I am not having any luck. I am trying to watch: http://www.ustream.tv/recorded/9438662…

Justice Prevails – “Apple the new world leader in software insecurity”


Even as the current market for Adobe Flash soars sky high, we cant forget what Adobe went through a little while back, taking backlash from Apple. Riding on waves of iPhone/iPad success, the company had completely forgotten a very simple thing. “What you throw at others, comes back at you one day.(more…)

Red5 – Online Application Generator


The Red5 Online Application Generator is a very simple but effective utility to generate Red5 application online. Do not worry if you don’t know Red5 or even Java. Generate streamer applications, with live broadcasting, streaming, recording and sharedObject capabilities in a single click. No compiling/editing needed. The generator creates red5 applications for you on the fly by injecting necessary information into pre-compiled red5 application templates and prepares them for hassle free use. (more…)

last comments ...
Simon
Simon

Yes please, could you update for red5 1.0 ? Thank you.
adilfacron
adilfacron

This is awesome, thank you. One little bug: I can not put a : character to paths, so fix…
Eyal
Eyal

please, please, please update it for red5 1.0...
Tincho
Tincho

Exelent app!
limes
limes

red5 v 1.0.1 pls update :)