Comments on: QuickTime 0day for Vista and XP

By: Giuseppe Cascone » Blog Archive » QuickTime 0day for Vista and XP

Giuseppe Cascone » Blog Archive » QuickTime 0day for Vista and XP — Wed, 09 Jul 2008 12:37:35 +0000

[...] see video click) Because we are an information security think tank and because we encounter some very interesting [...]

By: Antonio Trigiani iBlog - Informatica Virale » Blog Archive » Video: Vulnerabilità QuickTime 0day su Windows Vista e XP

Sat, 10 May 2008 17:52:45 +0000

[...] sicurezza, Video | Il team di Gnucitizen mostra in questo video come sfruttare la vulnerabilità 0day di QuickTime su Windows Vista e Windows [...]

By: Quicktime Flaw Makes Windows Vulnerable to Attack | Networking for Networkers

Mon, 05 May 2008 16:58:44 +0000

[...] PCs running Windows Vista SP1 and XP SP2. Although details are a bit thin at the moment, the GNUCitizen blog has published a movie purporting to show the attack in [...]

By: Ix

Ix — Fri, 02 May 2008 13:38:13 +0000

Seconding Jim’s question. Knowing it exists is important, knowing what’s being done about it is even more important.

By: Jim Manico

Jim Manico — Thu, 01 May 2008 04:13:13 +0000

Inquiring minds want to know. Can you at least let us know how Apple is reacting to this exploit?

By: flashdrive

flashdrive — Thu, 01 May 2008 00:03:47 +0000

when can we expect to see how this is done?

By: GNUCitizen: QuickTime for Windows Vista and XP Leakage Leads to Inevitable Badness | Infosecurity.US

Wed, 30 Apr 2008 23:57:22 +0000

[...] Quicktime on Microsoft WIndows Vista and XP only. See the full announcement on the GNUCitizen site here. Current Workarounds include….Not opening up attachments from unknown sources. Sphere: [...]

By: works on mac?

works on mac? — Wed, 30 Apr 2008 15:59:47 +0000

so you are doing some HREF track ninja?

http://www.apple.com/quicktime.....racks.html

You test this stuff on a mac PDP?

By: Hardware e Software » Blog Archive » QuickTime, individuata falla pericolosa

Tue, 29 Apr 2008 21:21:19 +0000

[...] chi volesse approfondire l’argomento vi consiglio il seguente link contenente il messaggio ufficiale rilasciato dal Petkov ed un video che mostra la vulnerabilità in [...]

By: hilikus

hilikus — Tue, 29 Apr 2008 17:44:38 +0000

Very good findings and research pdp, keep up the good work, and props for the responsible disclosure. Don’t let any of these trolls take away from your execlent findings. And good luck working with Apple, I just keep thinking about the wireless dirver vulnerability and how they treated HDMoore :\

@alino: I doubt he is going to say, read the other comments and his responses.

By: Windows Üzerinde Yeni Bir QuickTime Açığı | MacOSXPC.Com

Windows Üzerinde Yeni Bir QuickTime Açığı | MacOSXPC.Com — Tue, 29 Apr 2008 17:20:05 +0000

[...] olan ve bilgisayar korsanları arasında “pdp” olarak bilinen Petko D. Petkov’un açıklamasına göre Apple‘ın medya oynatıcı yazılımı olan QuickTime, Microsoft‘un Windows [...]

By: Pesquisador encontra nova falha no QuickTime p/ Windows

Pesquisador encontra nova falha no QuickTime p/ Windows — Tue, 29 Apr 2008 14:43:35 +0000

[...] acordo com os detalhes publicados no blog GNUCitizen, o exploit envolve um arquivo malicioso especialmente criado. Quando o usuário abre este arquivo, [...]

By: alino

alino — Tue, 29 Apr 2008 12:09:05 +0000

@PDP: Which Class of Vulnerability ( stack/heap based buffer overflow or other.. ) was used for this vulnerability? btw: good work pdp :)

By: David Kierznowski

David Kierznowski — Tue, 29 Apr 2008 09:57:06 +0000

Regarding hype:

I think we sometimes forget our roots as security researchers. The only reason we have an industry today was because of full-disclosure and hype. If you can’t create a noise to motivate change, then you don’t affect the commercial market, which in turn means we are all out of jobs ;)

By: cryoohki

cryoohki — Tue, 29 Apr 2008 09:50:12 +0000

@jim: rtfa next time. Or at least the comments on /.

For the “imaginary vulnerabilities” Apple’s policy stinks, that’s all I can say…

By: Agujero de seguridad en Quicktime compromete a usuarios de Vista y XP | Win-Vista.es

Mon, 28 Apr 2008 22:29:00 +0000

[...] Vía | GNUCitizen [...]

By: Security News - Tools - Tutorials and more … » Blog Archive » Department of Homeland Security website hacked!

Mon, 28 Apr 2008 19:36:24 +0000

[...] the demand. But should the attackers get their hands on a newer exploit - say, one targeting a zero-day vulnerability in QuickTime - it would be relatively easy for them to swap out the [...]

By: Fallo de Seguridad de QuickTime en Windows XP y Vista | Incubaweb

Fallo de Seguridad de QuickTime en Windows XP y Vista | Incubaweb — Mon, 28 Apr 2008 18:24:01 +0000

[...] detalles sobre el exploit están disponibles en el blog GNUCitizen, donde se describe el problema pero no con el suficiente detalle para evitar que usuarios [...]

By: Neue Zero-Day-L�cke in Apples Quicktime entdeckt - News | ZDNet.de Security - Sicherheit

Mon, 28 Apr 2008 16:01:53 +0000

[...] Sicherheitsforscher Petko D. Petkov hat auf Gnucitizen Informationen zu einer neuen Zero-Day-L�cke in Apples Quicktime ver�ffentlicht. In einem [...]

By: Pesquisador encontra nova falha no QuickTime rodando no XP e Vista | Manoel Franklin

Mon, 28 Apr 2008 14:59:57 +0000

[...] as poucas informações publicadas no blog GNUCitizen, o código envolve um arquivo de mídia manipulado maliciosamente. Quando o usuário abre o [...]