It was simple to secure and NO ONE will ever know how I have done it.

MWHAHAHA

Auntie.
————-

Erm well I’m a bit stunned. I thought it would be something at least “clever” with cookies and javascript that was “the fix” that “secured” the iPhone version of the iPlayer. But no. All they are doing is checking the the user agent string again!

This time for the QuickTime user agent: “Apple iPhone v1.1.3 CoreMedia v1.0.0.4A93″

It does mean however that you can’t just use a browser based switcher but as I predicted someone had figured it out by the end of the day. 10 minutes to midnight.

Now I can’t seem to get Ruby working on my box but I may quickly knock up a PHP/libCurl version of this as its so simple.

Love,

John
——-
What am I rambling on about? Well last week the Beeb decided to launch their fab iPlayer service for the minority mobile platform that is the iPhone/iTouch. However as they didn’t want to use flash video and Apple don’t license their DRM technology they decided to use a non DRM version of Mpeg 4.

The Beeb’s first go at “security” was to use the user agent strings that browsers send to web servers. This was quickly spotted and blogged about. Soon people were able to download and keep Mpeg4 versions of shows from iPlayer if they had and iPhone or not.

Today the Beeb announced that they had fixed this loophole. As Apple don’t license their DRM technology the DRM free files will still be available so they must be using some other way of identifying a browser as an iPhone/iTouch user.

The only other option open to them is javascript. They will be browser sniffing somewhere and either setting a cookie with javascript to say if a browser is actually an iphone or not or doing some redirection in the javascript to say a user is not able to request a file.

Either way I bet someone will find a way around it by the day’s end.

According to The Register someone already has and I think one of my two guesses are correct but the journo is keeping quiet as he doesn’t want to spoil the fun of people figuring it out themselves.

Now if I wonder if Dave thinks me spending my afternoon trying to crack it is a good use of his money…..