[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Simple] <note> in IMDN

To: Hisham Khartabil <hisham.khartabil at gmail.com>
Subject: Re: [Simple] <note> in IMDN
From: Dean Willis <dean.willis at softarmor.com>
Date: Tue, 20 May 2008 09:36:37 -0500
Cc: simple at ietf.org
Delivered-to: ietfarch-simple-web-archive at core3.amsl.com
Delivered-to: simple at core3.amsl.com
In-reply-to: <66cd252f0805132138m23aa3f42kf01ce0dcb7c42181@mail.gmail.com>
List-archive: <http://www.ietf.org/pipermail/simple>
List-help: <mailto:simple-request@ietf.org?subject=help>
List-id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-post: <mailto:simple@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>
References: <1660532724-1210725948-cardhu_decombobulator_blackberry.rim.net-784864713-@bxe033.bisx.prod.on.blackberry> <66cd252f0805131939t6569dab7r45d8ced20471a157@mail.gmail.com> <77384F67-E82C-483C-B555-665BFAF02D4E@standardstrack.com> <66cd252f0805132138m23aa3f42kf01ce0dcb7c42181@mail.gmail.com>
Sender: simple-bounces at ietf.org

On May 13, 2008, at 11:38 PM, Hisham Khartabil wrote:

> Can you explain how it is an attack vector?


Unconstrained rich content is one of the most easily exploited attack  
vectors.

Buffer overrun attacks as well as all of the typical MIME compound- 
component attacks are likely. For example, the common JPEG  
vulnerabilities might be exploitable:

http://www.news.com/Image-virus-spreads-via-chat/2100-7349_3-5390463.html


Or the content-execution weakness that caused the Macintosh Safari  
browse to be most easily exploited in recent hacking contests:

http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/


There have also been exploits against QuickTime, Flash, and most other  
plugin components from time to time.

--
Dean
_______________________________________________
Simple mailing list
Simple at ietf.org
https://www.ietf.org/mailman/listinfo/simple

Follow-Ups:
- Re: [Simple] <note> in IMDN
  - From: Paul Kyzivat
- Re: [Simple] <note> in IMDN
  - From: Hisham Khartabil

References:
- Re: [Simple] <note> in IMDN
  - From: eburger
- Re: [Simple] <note> in IMDN
  - From: Hisham Khartabil
- Re: [Simple] <note> in IMDN
  - From: Eric Burger
- Re: [Simple] <note> in IMDN
  - From: Hisham Khartabil

Prev by Date: Replica watches make great gifts
Next by Date: Re: [Simple] <note> in IMDN
Previous by thread: Re: [Simple] <note> in IMDN
Next by thread: Re: [Simple] <note> in IMDN
Index(es):
- Date
- Thread