Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day
wired.comOriginal article by Kaspersky Labs here: https://securelist.com/blog/research/73255/the-mysterious-ca...
Interesting takeaways:
* Netflix went with Silverlight?
* People building SCADA systems went with Silverlight?
* What got it found is leftover debugging code in an exploit proof-of-concept (possibly) "borrowed" from someone else.
Netflix used Silverlight for their streaming product in browsers for years, because it offered DRM they couldn't get from other streaming solutions.
It was certainly the only reason I ever installed Silverlight, and I suspect I was not alone.
Interesting, and I never noticed because A) I don't have a Netflix subscription and have intentionally avoided installing Silverlight (and Flash, except within Chrome) and B) the PCs I deal with on a daily basis don't have any business need for it so Silverlight's never been installed on them either for the most part.
Microsoft has really sold silverlight before abandoning it and it really did had quite a few features. SL allowed you to run very complex code through the web which allowed people to easily migrate rich clients to the web like they've done so with activex before. Companies that build scada are most likely big and old software houses so they'll use enterprise software which means Java or .net since it's easier to sell to thier old fashion clients than "were running nose.js and go with a python wrapper".
Netflix used SL as previously mentioned since it could be integrated with vista's built in DRM which allowed Netflix to sell it to the content owners as a way to ensure that their content will be safe.