Comments on: Backdooring QuickTime Movies

By: Top 10 web hacks trong năm 2006 - Công nghệ số

Top 10 web hacks trong năm 2006 - Công nghệ số — Thu, 30 Jul 2009 17:21:26 +0000

[...] Media Files (QuickTime, Flash, PDF, Images, Word [2], and [...]

By: student0911

student0911 — Mon, 23 Feb 2009 10:55:08 +0000

Whenever I read about how QuickTime makes cyberspace more scary or dangerous (JS is JS; I have JS enabled in my browser, but I won’t use IE outside the LAN; I just wish I could tell my browser to not load scripts from 3rd-party servers), it reminds me that the most dangerous thing about QuickTime movies is that the site with the most best hijacker-exculpatory 9/11 video evidence, 911blimp.net, chose to use QT (because, like a VCR, it lets the viewer pause and go frame-by-frame in either direction using the keyboard arrow keys) to present its videos. So, to the extent that people can be made to be extra reluctant to even open a .mov file, that helps keep the evidence (and danger to the actual perpetrators) as well-suppressed as it’s been.

BTW, that site (like this one) uses JS, harmlessly, but its QT videos do not contain any embedded code or scripts of any kind.

By: Google AJAX Feed API Dangers | GNUCITIZEN

Google AJAX Feed API Dangers | GNUCITIZEN — Sun, 08 Feb 2009 18:30:16 +0000

[...] someone finds a vulnerability they need to wait for a vendor patch. For example, I released the QuickTime XSS vulnerability mainly because I knew that the issue was related to a feature rather than a bug. I [...]

By: AttackAPI 0.8 is OUT | GNUCITIZEN

AttackAPI 0.8 is OUT | GNUCITIZEN — Fri, 02 Jan 2009 10:11:12 +0000

[...] favorite because it redefines the boundaries of today�s computer security. Don�t open any mp3, QuickTime, PDF, or html file that you don�t trust. It might have one of these installed. Once you are [...]

By: Google Search API Worms | GNUCITIZEN

Google Search API Worms | GNUCITIZEN — Thu, 01 Jan 2009 19:12:16 +0000

[...] I won’t be surprised if I see some in the near future. Malicious content in Web Pages, Flash, QuickTime and PDF has suddenly become one of the most common threats we face [...]

By: Backdooring MP3 Files | GNUCITIZEN

Backdooring MP3 Files | GNUCITIZEN — Thu, 01 Jan 2009 18:56:22 +0000

[...] 2006 Recently I published information on how specially crafted HTML (remote and local), Flash and QuickTime (.mov) files can be used by malicious users to target and exploit internal and external networks. Than my [...]

By: Andre

Andre — Sat, 17 Nov 2007 23:21:05 +0000

vbx i am interesting that too.. popup on preview movie its very interesting..

By: vbx

vbx — Mon, 05 Nov 2007 16:20:34 +0000

would like to know if is possible to create the popup alter when the movie is previewed inside a standalone QuickTime player.

By: Quicktime and Firefox vulnerability - Spyware Sucks

Quicktime and Firefox vulnerability - Spyware Sucks — Thu, 13 Sep 2007 23:59:51 +0000

[...] on, I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to [...]

By: Ryan Naraine’s Zero Day mobile edition

Ryan Naraine’s Zero Day mobile edition — Wed, 12 Sep 2007 17:10:26 +0000

[...] (left) released details on vulnerabilities in Apple’s QuickTime media player to show how movie and .mp3 files can be backdoored to hack into [...]

By: 0DAY: QuickTime pwns Firefox | GNUCITIZEN

0DAY: QuickTime pwns Firefox | GNUCITIZEN — Wed, 12 Sep 2007 12:06:02 +0000

By: roger

roger — Wed, 05 Sep 2007 18:27:37 +0000

yea i need this to work

By: Doc

Doc — Sat, 01 Sep 2007 00:52:17 +0000

Quote [dodgescabin responds: I never use quicktime its not very good] ???

What the f***? – Is that the dumbest sweeping statement ever? It’s like saying cars are not very good – or the sky is not very good!

By: dodgescabin

dodgescabin — Thu, 30 Aug 2007 18:37:32 +0000

I never use quicktime its not very good

By: pdp

pdp — Thu, 07 Jun 2007 19:09:50 +0000

yes… this is right… and this is how it should be

By: Runic

Runic — Thu, 07 Jun 2007 15:20:19 +0000

Starting with QuickTime 7.1.5, you can no longer issue javascript:// URLs or call JavaScript functions from within a QuickTime movie. This feature was removed from QuickTime for security reasons.

By: sasha

sasha — Fri, 04 May 2007 19:01:42 +0000

How can you get around websense to get to myspace

By: Cityboi

Cityboi — Wed, 25 Apr 2007 13:34:11 +0000

How can you get around websense to get to myspace

By: PandaLabs Blog : Insecure features : should AV companies detect them?

PandaLabs Blog : Insecure features : should AV companies detect them? — Tue, 20 Mar 2007 15:46:36 +0000

[...] Insecure features : should AV companies detect them? These days we have been analyzing one of the latest MySpace threats, JS/MySpace.A, which uses an interesting QuickTime feature : HREF Tracks. A deep analysis of this malware is avaliable at Didier Steven´s blog. Abusing HREF Tracks was firstly documented by pdp at GNUCITIZEN blog, later the MoAB project showed how to exploit them in conjunction with other vulnerabilities that allowed hackers to gain remote code execution. The end of the story is as follows: Apple has finally removed javascript support in QuickTime from version 7.1.5. But that´s not the end of it, I still remember a very similar case in which a feature became a vulnerability and we ended up adding generic detections for a legal and documented use of WMF file format, though I don’t think anybody was really using it. So I wonder and I ask you: Should we add generic detections to file formats that support insecure features? If we do so, we may stop malware, but what can we say to a hypothetical customer using them properly? Published Tuesday, March 20, 2007 1:39 PM by mballano _uacct = “UA-969620-1″; urchinTracker(); _uacct = “UA-1443584-1″; urchinTracker(); [...]

By: Chris Mosby at myITforum.com : McAfee Avert Labs Blog - MySpace Woes: Trojan Targets French Rock Band Fans - Friday March 16, 2007

Mon, 19 Mar 2007 16:13:53 +0000

[...] And the latest target is unsuspecting fans of the French rock band MAMASAID who upon visiting a MySpace account promoting the music group get a trojan JS/SpaceStalk installed on their computers via a known insecure feature in QuickTime called HREF Tracks. The technique used here does not rely on vulnerability but rather on a feature present in the QuickTime player that allows for links to be opened automatically when the movie is run. This link could be misused to point to malicious websites hosting exploit code. [...]