New Virus [Read]

[Chippiewill]

That's pdf files, you cannot get a virus from an mp3 or .htm file (well I suppose you could from a .htm file redirecting you somewhere, but its' very unlikely)

You can, there may not be an exploit right now but there has been, that's why you should NEVER open email attachments. Ever..

If you want proof then listen to some 'Security Now!' podcasts episodes from March-May.

[Agnostic Bear]

You can, there may not be an exploit right now but there has been, that's why you should NEVER open email attachments. Ever..

If you want proof then listen to some 'Security Now!' podcasts episodes from March-May.

You can't get a virus from an mp3 file. ever.

[Kevin]

You can, there may not be an exploit right now but there has been, that's why you should NEVER open email attachments. Ever..

If you want proof then listen to some 'Security Now!' podcasts episodes from March-May.

The mp3 format does not allow you to execute code

[Chippiewill]

The mp3 format does not allow you to execute code

The format might not, but you can you say the same for the player?

[Agnostic Bear]

The format might not, but you can you say the same for the player?

Yes, yes I can.

[Kevin]

The format might not, but you can you say the same for the player?

hey mr 1337 haxxk0r, do what you believe to be possible, and pm me the download link. I'll test it out on my VM

[Chippiewill]

Security Now: Episode 197 23:00 - 28:07

'It's always scary when an exploit affects data files because everybody who listens to this show, anyway, knows to avoid executables.'

'And of course you back up data files. So you don't think, oh, a JPG, a PDF, an MP3. Those are harmless.'

'Well, and somewhere somebody was writing code to parse and process the samples in an MP3 sound file. They weren't thinking about security. They were thinking about getting the darn thing to work so that sounds come out. And it turns out that, as a consequence of that, if you give it a deliberately specially crafted sound file, an MP3 file, it will cause a hiccup in the processing that allows you then to, like, cause the rest of the sound buffer to be jumped into. So you have this special set of samples which causes this integer overflow, which causes the execution of the rest of the buffer. So you literally are putting a program into the sound file with a header that gets this vulnerable version of the library to execute the following code. And as soon as you do that, it can bring in some more code, take over your machine, go off to somewhere malicious, and install backdoors and trojans and worms. And, I mean, it's just the reality of computing today.'

I iz super 1337 haxxorr

http://aolradio.podcast.aol.com/sn/SN-187.mp3

[Recursion]

Podcasts are like Wikipedia, usually right, but not always.

[Chippiewill]

Podcasts are like Wikipedia, usually right, but not always.

:rolleyes: typical, cannot accept the truth... He is well known in the Security sector and is very well respected. He has one of the most accurate podcasts I know, he actually spends several hours preparing each one to check that his details are correct. If he was not in fact correct (On the rare occasion) he would have brought it up in the subsequent episode. He actually created his own e-commerce system.

You can look up the guy at grc.com