Comments on: Backdooring QuickTime Movies

By: Persistent Bi-directional Communication Channels | GNUCITIZEN

Persistent Bi-directional Communication Channels | GNUCITIZEN — Wed, 11 May 2011 10:12:32 +0000

[...] Request Forgery and social engineering but also by altering media content such as Flash, Music and Video formats. More over this can be now done from the browser if data URLs are supported. Attackers may [...]

By: MySpace QuickTime Worm Follow-up | GNUCITIZEN

MySpace QuickTime Worm Follow-up | GNUCITIZEN — Mon, 09 May 2011 17:01:32 +0000

[...] 7th, 2006 MySpace was hit by a worm in a semi-automatic manner. This time the worm propagated via a QuickTime flaw found a couple of months ago. This shouldn’t be a surprise to anyone. It is quite serious that this attack vector was [...]

By: Top 10 web hacks trong năm 2006 - CÃ´ng nghá»‡ sá»‘

Top 10 web hacks trong năm 2006 - CÃ´ng nghá»‡ sá»‘ — Thu, 30 Jul 2009 17:21:26 +0000

[...] Media Files (QuickTime, Flash, PDF, Images, Word [2], and [...]

By: student0911

student0911 — Mon, 23 Feb 2009 10:55:08 +0000

Whenever I read about how QuickTime makes cyberspace more scary or dangerous (JS is JS; I have JS enabled in my browser, but I won’t use IE outside the LAN; I just wish I could tell my browser to not load scripts from 3rd-party servers), it reminds me that the most dangerous thing about QuickTime movies is that the site with the most best hijacker-exculpatory 9/11 video evidence, 911blimp.net, chose to use QT (because, like a VCR, it lets the viewer pause and go frame-by-frame in either direction using the keyboard arrow keys) to present its videos. So, to the extent that people can be made to be extra reluctant to even open a .mov file, that helps keep the evidence (and danger to the actual perpetrators) as well-suppressed as it’s been.

BTW, that site (like this one) uses JS, harmlessly, but its QT videos do not contain any embedded code or scripts of any kind.

By: Google AJAX Feed API Dangers | GNUCITIZEN

Google AJAX Feed API Dangers | GNUCITIZEN — Sun, 08 Feb 2009 18:30:16 +0000

[...] someone finds a vulnerability they need to wait for a vendor patch. For example, I released the QuickTime XSS vulnerability mainly because I knew that the issue was related to a feature rather than a bug. I [...]

By: AttackAPI 0.8 is OUT | GNUCITIZEN

AttackAPI 0.8 is OUT | GNUCITIZEN — Fri, 02 Jan 2009 10:11:12 +0000

[...] favorite because it redefines the boundaries of today’s computer security. Don’t open any mp3, QuickTime, PDF, or html file that you don’t trust. It might have one of these installed. Once you are [...]

By: Google Search API Worms | GNUCITIZEN

Google Search API Worms | GNUCITIZEN — Thu, 01 Jan 2009 19:12:16 +0000

[...] I won’t be surprised if I see some in the near future. Malicious content in Web Pages, Flash, QuickTime and PDF has suddenly become one of the most common threats we face [...]

By: Backdooring MP3 Files | GNUCITIZEN

Backdooring MP3 Files | GNUCITIZEN — Thu, 01 Jan 2009 18:56:22 +0000

[...] 2006 Recently I published information on how specially crafted HTML (remote and local), Flash and QuickTime (.mov) files can be used by malicious users to target and exploit internal and external networks. Than my [...]

By: Andre

Andre — Sat, 17 Nov 2007 23:21:05 +0000

vbx i am interesting that too.. popup on preview movie its very interesting..

By: vbx

vbx — Mon, 05 Nov 2007 16:20:34 +0000

would like to know if is possible to create the popup alter when the movie is previewed inside a standalone QuickTime player.

By: Quicktime and Firefox vulnerability - Spyware Sucks

Quicktime and Firefox vulnerability - Spyware Sucks — Thu, 13 Sep 2007 23:59:51 +0000

[...] on, I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to [...]

By: Ryan Naraine’s Zero Day mobile edition

Ryan Naraine’s Zero Day mobile edition — Wed, 12 Sep 2007 17:10:26 +0000

[...] (left) released details on vulnerabilities in Apple’s QuickTime media player to show how movie and .mp3 files can be backdoored to hack into [...]

By: 0DAY: QuickTime pwns Firefox | GNUCITIZEN

0DAY: QuickTime pwns Firefox | GNUCITIZEN — Wed, 12 Sep 2007 12:06:02 +0000

By: roger

roger — Wed, 05 Sep 2007 18:27:37 +0000

yea i need this to work

By: Doc

Doc — Sat, 01 Sep 2007 00:52:17 +0000

Quote [dodgescabin responds: I never use quicktime its not very good] ???

What the f***? – Is that the dumbest sweeping statement ever? It’s like saying cars are not very good – or the sky is not very good!

By: dodgescabin

dodgescabin — Thu, 30 Aug 2007 18:37:32 +0000

I never use quicktime its not very good

By: pdp

pdp — Thu, 07 Jun 2007 19:09:50 +0000

yes… this is right… and this is how it should be

By: Runic

Runic — Thu, 07 Jun 2007 15:20:19 +0000

Starting with QuickTime 7.1.5, you can no longer issue javascript:// URLs or call JavaScript functions from within a QuickTime movie. This feature was removed from QuickTime for security reasons.

By: sasha

sasha — Fri, 04 May 2007 19:01:42 +0000

How can you get around websense to get to myspace

By: Cityboi

Cityboi — Wed, 25 Apr 2007 13:34:11 +0000

How can you get around websense to get to myspace