Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Backdooring MP3 files (plus QuickTime issues and Cross

from [pdp (architect)] Network Security [Permanent Link]
Subject: [Full-disclosure] Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)
Date: Wed, 20 Sep 2006 22:49:41 +0100 
http://www.gnucitizen.org/blog/backdooring-mp3-files

MP3 files can be backdoored with malicious content too.

Over the past few days I have been exploring different features of
Apple's QuickTime player - key software component of iTunes and
standard part of many home and business workstations. A lot of
research was conducted and some problems, which IMHO are quite
serious, were found. Please take this post as a security notice.

QuickTime is quite versatile and flexible media platform which has a
lot of functionalities. I quite like it I must say. I even use iTunes
on daily basis. Unfortunately because of its flexibility QuickTime
seams to allow execution of malicious content in a form of JavaScript
from media files such as mp3, mp4, m4a and everything else that is
supported.

The article can be found at the link above.

-- 
pdp (architect)
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting), pdp (architect) <=
Previous by Date:  Re: Hardcoded Database IP in ASP, security
Next by Date:  Re: Comparison report on web app security scanners now translated to English, Saqib Ali
Previous by Thread:  Comparison report on web app security scanners now translated to English, Cleiton Martins
Next by Thread:  Anybody got a licenced copy of Acunetix, Centric or other Web App Scans?, Dinis Cruz
Indexes:  [Date] [Thread] [Top] [All Lists]