Re: video/@src vs application/octet-stream

Leonard,

You might be interested in reading this paper, which discusses these
issues in some amount of detail:

http://www.adambarth.com/papers/2009/barth-caballero-song.pdf

We should be careful not to paint these issues with too broad a brush.
 The devil is in the details.

Adam


On Mon, Jul 19, 2010 at 2:19 PM, Leonard Rosenthol <lrosenth@adobe.com> wrote:
> Given that support for <video> is still quite new, I am not aware of any attacks on that particular element - though it doesn't mean they don't exist.
>
> I was thinking about ones used on various other formats including images, documents, etc.
>
> Leonard
>
> -----Original Message-----
> From: Maciej Stachowiak [mailto:mjs@apple.com]
> Sent: Monday, July 19, 2010 4:43 PM
> To: Leonard Rosenthol
> Cc: julian.reschke@gmx.de; Boris Zbarsky; public-html@w3.org
> Subject: Re: video/@src vs application/octet-stream
>
>
> On Jul 19, 2010, at 1:31 PM, Leonard Rosenthol wrote:
>
>> While I don't necessary want to start the "why sniffing is evil" discussion here, I have to challenge the basic premise below.
>>
>>> media formats are, in general, unambiguously sniffable,
>>> and do not contain active content that would pose a security risk.
>>>
>> Sorry, but this is NOT the case!
>>
>> There are a number of known attacks (not just POC's) that relying on format sniffing and specially constructed "hybrid" files that claim to be one (safe) thing but are really something else that is considered unsafe.
>
> Can you give a specific example of a "hybrid" video or audio file being used as an attack vector? I am not aware of any exploits like that. Knowing about them would be helpful information.
>
> Thanks,
> Maciej
>
>
>

Received on Monday, 19 July 2010 21:34:17 UTC