Comments on: Backdooring MP3 Files

By: Google Search Results Poisoning | GNUCITIZEN

Google Search Results Poisoning | GNUCITIZEN — Thu, 12 May 2011 09:47:36 +0000

[...] by searching for GNUCITIZEN. I was expecting to see the GNUCITIZEN front page, AttackAPI, the backdooring articles and some Full-Disclosure and Bugtraq posts. To my surprise, the search result was quite [...]

By: MySpace QuickTime Worm Follow-up | GNUCITIZEN

MySpace QuickTime Worm Follow-up | GNUCITIZEN — Mon, 09 May 2011 17:02:31 +0000

[...] how this particular MySpace hack works but rather to send a reminder to the security community that another QuickTime XSS vector was found right after the first one. This vector can be used in a similar way [...]

By: XSS Prelude | GNUCITIZEN

XSS Prelude | GNUCITIZEN — Sat, 13 Nov 2010 01:11:02 +0000

[...] was also the month of Web Media Formats related XSS issue. Vulnerabilities in QuickTime .mov, .qtl and Adobe .pdf were found. In January 2007 a Universal Cross-site Scripting (UXSS) hole was [...]

By: Operation n » Malware Security Testing

Operation n » Malware Security Testing — Thu, 08 Jan 2009 23:01:37 +0000

[...] myself and pdp (arcitect) have recently found or reported serious malware potential in Quicktime, MP3, PDF, Flash and RSS to name a [...]

By: Persistent Bi-directional Communication Channels | GNUCITIZEN

Persistent Bi-directional Communication Channels | GNUCITIZEN — Fri, 02 Jan 2009 03:05:42 +0000

[...] Cross-site Request Forgery and social engineering but also by altering media content such as Flash, Music and Video formats. More over this can be now done from the browser if data URLs are supported. [...]

By: Sploiter Splog | GNUCITIZEN

Sploiter Splog | GNUCITIZEN — Fri, 28 Nov 2008 15:27:20 +0000

[...] the techniques such as persistent channels, backdoors in QuickTime, backdoors in Flash, backdoors in PDF, backdoors in RealMedia and backdoors in RSS feeds in [...]

By: AttackAPI 0.8 is OUT | GNUCITIZEN

AttackAPI 0.8 is OUT | GNUCITIZEN — Fri, 10 Oct 2008 08:34:16 +0000

[...] is my favorite because it redefines the boundaries of today’s computer security. Don’t open any mp3, QuickTime, PDF, or html file that you don’t trust. It might have one of these installed. Once [...]

By: Mary

Mary — Sun, 06 Apr 2008 15:44:42 +0000

Hi, thanks. but my Kaspersky AV blocks this files :(

By: Info World » Blog Archive » After attacks, Apple fixes QuickTime bug

Info World » Blog Archive » After attacks, Apple fixes QuickTime bug — Fri, 14 Dec 2007 14:14:39 +0000

[...] Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new [...]

By: tapasman

tapasman — Tue, 27 Nov 2007 17:14:11 +0000

I get a broken file, when using IE6 and QT 6.0.

By: Ari

Ari — Tue, 20 Nov 2007 22:58:16 +0000

Nice work ! But Kaspersky AV blocks these backdoored mp3 files.

By: IT Security mobile edition

IT Security mobile edition — Sat, 15 Sep 2007 13:37:03 +0000

[...] of concept exploit. The vulnerability itself, however, is apparently not newly discovered: it was first reported almost a full year ago. Unfortunately, the announcement of the proof of concept exploit misuses the term “0 day [...]

By: 0ole

0ole — Fri, 14 Sep 2007 11:13:47 +0000

Doesn’t works on Mac OS X with the latest Quicktime updates. Might be a Windows Quicktime only problem then.

By: Ryan Naraine’s Zero Day mobile edition

Ryan Naraine’s Zero Day mobile edition — Wed, 12 Sep 2007 17:13:58 +0000

[...] released details on vulnerabilities in Apple’s QuickTime media player to show how movie and .mp3 files can be backdoored to hack into [...]

By: Severe QuickTime vulnerability in Firefox disclosed : Mozilla Links

Severe QuickTime vulnerability in Firefox disclosed : Mozilla Links — Wed, 12 Sep 2007 14:33:46 +0000

[...] is the third time GNUCITIZEN discloses this same vulnerability: it was initially disclosed about a year ago and again some months [...]

By: 0DAY: QuickTime pwns Firefox | GNUCITIZEN

0DAY: QuickTime pwns Firefox | GNUCITIZEN — Wed, 12 Sep 2007 12:06:50 +0000

[...] to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the [...]

By: yamzzz

yamzzz — Thu, 11 Jan 2007 07:27:41 +0000

nice!!!!!!!!!!

By: GNUCITIZEN » DANGER, DANGER, DANGER

GNUCITIZEN » DANGER, DANGER, DANGER — Wed, 03 Jan 2007 09:03:19 +0000

[...] The WEB has gone crazy. I know that this is not news for some of you but you will be surprised to what extend this craziness has just developed. It seams that the entire WEB is falling apart and someone has to do something otherwise we risk to lose too much. Among the traditional QuickTime Movie, QTL, Flash, Image, HTML and PDF backdoors, there is another one trivially achievable with high degree of impact. [...]

By: Top Web Hacks of 2006 » Hack Report

Top Web Hacks of 2006 » Hack Report — Tue, 02 Jan 2007 03:07:28 +0000

[...] 1. Web Browser Intranet Hacking / Port Scanning – (with JavaScript and with HTML-only and the improved model) 2. Internet Explorer 7 “mhtml:” Redirection Information Disclosure 3. Anti-DNS Pinning and Circumventing Anti-Anti DNS pinning 4. Web Browser History Stealing – (with CSS, evil marketing, JS login-detection, and authenticated images) 5. Backdooring Media Files (QuickTime, Flash, PDF, Images, Word [2], and MP3’s) 6. Forging HTTP request headers with Flash 7. Exponential XSS 8. Encoding Filter Bypass (UTF-7, Variable Width, US-ASCII) 9. Web Worms – (AdultSpace, MySpace, Xanga) 10. Hacking RSS Feeds [...]

By: abcas

abcas — Sat, 23 Dec 2006 11:34:00 +0000

usefull cuzz it happened 2 me every tim i just explore a file with mp3 in it the explorer closes and starts again and when i scanned my comp i found the amount pf viruses = 2 the amount of songs (mp3 files) but i really cant fix it can u help me ????