Comments on: QuickTime 0day for Vista and XP

By: Details of the QuickTime Vulnerability | GNUCITIZEN

Details of the QuickTime Vulnerability | GNUCITIZEN — Tue, 09 Sep 2008 14:24:47 +0000

[...] I intend to give a brief overview of the QuickTime vulnerability which I partially-disclosed over here. I should have made these details public long time ago but better late then never. The [...]

By: My BH Las Vegas Slides | GNUCITIZEN

My BH Las Vegas Slides | GNUCITIZEN — Tue, 09 Sep 2008 10:30:14 +0000

[...] Yes, it is time for a coffee. Unfortunately, it does not look as good as the one from the picture above. The slides can be found here. The next post is all about the QuickTime vulnerability which I partially-disclosed over here. [...]

By: Zero-Day Vulnerability Reported in Apple’s QuickTime for Windows XP and Vista

Sun, 24 Aug 2008 14:19:48 +0000

[...] a computer security consultancy, on Friday warned of a zero-day vulnerability in Apple’s QuickTime media player for Windows XP and Windows Vista. “A remote [...]

By: Giuseppe Cascone » Blog Archive » QuickTime 0day for Vista and XP

Giuseppe Cascone » Blog Archive » QuickTime 0day for Vista and XP — Wed, 09 Jul 2008 12:37:35 +0000

[...] see video click) Because we are an information security think tank and because we encounter some very interesting [...]

By: Antonio Trigiani iBlog - Informatica Virale » Blog Archive » Video: VulnerabilitÃ QuickTime 0day su Windows Vista e XP

Sat, 10 May 2008 17:52:45 +0000

[...] sicurezza, Video | Il team di Gnucitizen mostra in questo video come sfruttare la vulnerabilitÃ 0day di QuickTime su Windows Vista e Windows [...]

By: Quicktime Flaw Makes Windows Vulnerable to Attack | Networking for Networkers

Mon, 05 May 2008 16:58:44 +0000

[...] PCs running Windows Vista SP1 and XP SP2. Although details are a bit thin at the moment, the GNUCitizen blog has published a movie purporting to show the attack in [...]

By: Ix

Ix — Fri, 02 May 2008 13:38:13 +0000

Seconding Jim’s question. Knowing it exists is important, knowing what’s being done about it is even more important.

By: Jim Manico

Jim Manico — Thu, 01 May 2008 04:13:13 +0000

Inquiring minds want to know. Can you at least let us know how Apple is reacting to this exploit?

By: flashdrive

flashdrive — Thu, 01 May 2008 00:03:47 +0000

when can we expect to see how this is done?

By: GNUCitizen: QuickTime for Windows Vista and XP Leakage Leads to Inevitable Badness | Infosecurity.US

Wed, 30 Apr 2008 23:57:22 +0000

[...] Quicktime on Microsoft WIndows Vista and XP only. See the full announcement on the GNUCitizen site here. Current Workarounds include….Not opening up attachments from unknown sources. Sphere: [...]

By: works on mac?

works on mac? — Wed, 30 Apr 2008 15:59:47 +0000

so you are doing some HREF track ninja? http://www.apple.com/quicktime.....racks.html You test this stuff on a mac PDP?

By: Hardware e Software » Blog Archive » QuickTime, individuata falla pericolosa

Tue, 29 Apr 2008 21:21:19 +0000

[...] chi volesse approfondire lâ€™argomento vi consiglio il seguente link contenente il messaggio ufficiale rilasciato dal Petkov ed un video che mostra la vulnerabilitÃ in [...]

By: hilikus

hilikus — Tue, 29 Apr 2008 17:44:38 +0000

Very good findings and research pdp, keep up the good work, and props for the responsible disclosure. Don’t let any of these trolls take away from your execlent findings. And good luck working with Apple, I just keep thinking about the wireless dirver vulnerability and how they treated HDMoore :\

@alino: I doubt he is going to say, read the other comments and his responses.

By: Windows Ãœzerinde Yeni Bir QuickTime AÃ§Ä±ÄŸÄ± | MacOSXPC.Com

Windows Ãœzerinde Yeni Bir QuickTime AÃ§Ä±ÄŸÄ± | MacOSXPC.Com — Tue, 29 Apr 2008 17:20:05 +0000

[...] olan ve bilgisayar korsanlarÄ± arasÄ±nda “pdp” olarak bilinen Petko D. Petkov’un aÃ§Ä±klamasÄ±na gÃ¶re Apple‘Ä±n medya oynatÄ±cÄ± yazÄ±lÄ±mÄ± olan QuickTime, Microsoft‘un Windows [...]

By: Pesquisador encontra nova falha no QuickTime p/ Windows

Pesquisador encontra nova falha no QuickTime p/ Windows — Tue, 29 Apr 2008 14:43:35 +0000

[...] acordo com os detalhes publicados no blog GNUCitizen, o exploit envolve um arquivo malicioso especialmente criado. Quando o usuÃ¡rio abre este arquivo, [...]

By: alino

alino — Tue, 29 Apr 2008 12:09:05 +0000

@PDP: Which Class of Vulnerability ( stack/heap based buffer overflow or other.. ) was used for this vulnerability? btw: good work pdp :)

By: David Kierznowski

David Kierznowski — Tue, 29 Apr 2008 09:57:06 +0000

Regarding hype:

I think we sometimes forget our roots as security researchers. The only reason we have an industry today was because of full-disclosure and hype. If you can’t create a noise to motivate change, then you don’t affect the commercial market, which in turn means we are all out of jobs ;)

By: cryoohki

cryoohki — Tue, 29 Apr 2008 09:50:12 +0000

@jim: rtfa next time. Or at least the comments on /.

For the “imaginary vulnerabilities” Apple’s policy stinks, that’s all I can say…

By: Agujero de seguridad en Quicktime compromete a usuarios de Vista y XP | Win-Vista.es

Mon, 28 Apr 2008 22:29:00 +0000

[...] VÃa | GNUCitizen [...]

By: Security News - Tools - Tutorials and more … » Blog Archive » Department of Homeland Security website hacked!

Mon, 28 Apr 2008 19:36:24 +0000

[...] the demand. But should the attackers get their hands on a newer exploit – say, one targeting a zero-day vulnerability in QuickTime – it would be relatively easy for them to swap out the [...]