Security expert warns of MP3 danger
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Security expert warns of MP3 danger

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Security expert warns of MP3 danger

    What's the next move for the viiri writer? Seems like nothing will be holy in the future

    Security expert warns of MP3 danger

    New technology such as MP3s may soon be used as vectors for viruses, a security specialist visiting Australia has warned.

    We've recently been looking at how things embedded into MP3 files might become a problem, Vincent Gullotto, vice president of AVERT -- the developer of McAffee anti-virus systems -- told ZDNet Australia. There will soon be MP3s that will play the video clip at the same time as the music, and if you can embed movie files to MP3s you can embed Java and other languages that may contain malicious programming.

    The full article can be found here.

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    218
    i am glad someone has finally brought this to attention. as to my knowledge, there has not been any outbreaks of of viri embedded in an mp3, just an occasional virus pretending to be an mp3 and people not paying attention to file extensions. but embedding "in" and not just binding is something i have been forseeing for the last year or so. no one has really paid it much mind though. what better way for a malicious coder to spread a virus? everyone and even their mothers know how to file share these days. mp3's and porn are the two most common type of shared files.
    \"Computer games don\'t affect kids; I mean if Pac-Man affected us as kids, we\'d all be running around in darkened rooms munching magic pills and listening to repetitive electronic music.\" Kristian Wilson, Nintendo, Inc. 1989

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    243
    yeah, If you go on Kazaa or Morpheus 25% or so of MP3's are viruses and 50-75% of porn is... High rate for someone who doesn't have a virus scanner... does NAV stop them???
    Search First Ask Second. www.google.com

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Oh great. Time to throw the RIO in the trash.

    Thanks for the post. Interesting read. However the biggest virii out there right now is called the Win32 platform...<grin>
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Im not a expert in the MP3 format.. But Vincent Brobalds comment seems likely, can someone with better experience then me verify this?

    Source: TalkBack, Vincent BROBALD (comment on the original article)

    So far, from what I know, MP3 file format is safe.

    The security problem comes from wma files (microsoft "technology") that enables to embed other elements (scripts,...).
    Once renamed to mp3, those files seems just as real mp3 files for windows mediaplayer... More: Windows mediaplayer plays the files as it recognises the data streams inside the file. (same irresponsible features like the possibility to rename a .exe to .bat and still being able to execute it as a binary). A simple workaround would be to make Windows mediaplayer read only .mp3 files containing real mp3 data streams.

    Real MP3 files are not (to my knowledge) dangerous... But not all .mp3 named files are real MP3 files, and some hostile false mp3 files will execute thanks to Microsoft.
    Source: TalkBack, John L (comment on the original article)

    So, this is more an issue with Windows Media Player than mp3's? That would make sense. The only part I was not seeing was how someone would get code in an mp3 to execute, but if Media Player does that on its own, then there could be a problem. Of course, this problem is more a Media Player issue than an mp3 issue... and will only affect those who use Media Player to play untrusted content. People like me who use programs like Winamp on Windows, or any of the various mp3 players on Linux will not be affected =). Yippee!

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535

    Re: Security expert warns of MP3 danger

    Originally posted here by micael
    There will soon be MP3s that will play the video clip at the same time as the music
    there already are... they are called MPEG hehehe..
    first there was mpeg (1)
    then they took the third layer (the audio layer) and named it mp3 for mpeg 1 layer 3 audio...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    That's true .

    But what about the potential risk to embedd other malicious code to a MP3, is that possible ?

  8. #8
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    As long as it is in pure MP# then it's not a problem, but once they start adding "Features" to it or calling *.wma's *.mp3's then you have aproblem, coz wma files are about as secure as the resto of windows.....CRAP

    If people start to corrupt the sanctuary I have in my Mp3's I'm going get really pissed off.....

    Let's all Pray it doesn't happen....
    (Skip the Praying part...)

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag D landet her kvilte i heilag fred og alle hadde kjrleik elske med.

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I guess it was time to add a good content scanner to my system..

    "Are this a real MP3 or a M$ security issue ".

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    Could this be the doings of the RIAA?
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •