Unpatchable buffer overflow in browser plugins are quite common these day. After the PDF vulnerability, it is the Quicktime protocol RSTP that is vulnerable. Launching a stream is enough to get compromised. The pdf vulnerability was used in a massive spam attack. This time, I wonder how many “porno” video will be instead this exploit leading in a kind of attack between phishing and remote exploitation: You create a page with let say 5 videos that draw the interesset of the visitor and the 6th is the exploit. Well I let you figure out what a video can draw attention 
I wonder if the iphone suffers from this vulnerabilty ? Wath is “fun” with this vulnerability is that Itune act as a trojan because it install quicktime by default… Additionnaly many computes are concerned due to this behavior. That is why I hate software that add an extra service/plugins that you don’t want. It is a total security nightmare.
Archive for the 'Software' Category Page 3 of 8
According to the site “reseau et telecom” , Peter Cox have released a POC of VOIP sniffing. The techrepublic say that Mr Cox was inspired by Phil Zimmermann. However, since I wasn’t able to find the software I am not sure what is new under the sun with it. VOIP is known to be insecure since the beginning. For instance the tool Vomit (voice over misconfigured internet telephones was released in 2004. A nice framework in python was also presented in a conference this year. Sending data in clear is also not a specific problem to VOIP, POP3 email or MSN message are also send in clear. Maybe It is still not obvious because decoding VOIP stream requiers more knowlegde than plain text protocol.
Latest Comments