RE: video/@src vs application/octet-stream

Given that support for <video> is still quite new, I am not aware of any attacks on that particular element - though it doesn't mean they don't exist.

I was thinking about ones used on various other formats including images, documents, etc.

Leonard

-----Original Message-----
From: Maciej Stachowiak [mailto:mjs@apple.com] 
Sent: Monday, July 19, 2010 4:43 PM
To: Leonard Rosenthol
Cc: julian.reschke@gmx.de; Boris Zbarsky; public-html@w3.org
Subject: Re: video/@src vs application/octet-stream


On Jul 19, 2010, at 1:31 PM, Leonard Rosenthol wrote:

> While I don't necessary want to start the "why sniffing is evil" discussion here, I have to challenge the basic premise below.
> 
>> media formats are, in general, unambiguously sniffable, 
>> and do not contain active content that would pose a security risk. 
>> 
> Sorry, but this is NOT the case!
> 
> There are a number of known attacks (not just POC's) that relying on format sniffing and specially constructed "hybrid" files that claim to be one (safe) thing but are really something else that is considered unsafe.  

Can you give a specific example of a "hybrid" video or audio file being used as an attack vector? I am not aware of any exploits like that. Knowing about them would be helpful information.

Thanks,
Maciej

Received on Monday, 19 July 2010 21:20:34 UTC