Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 28 Jul 2017, 01:02
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Users of – including VLC, Kodi, Popcorn Time - most at risk
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
belham2

Joined: 15 Aug 2016
Posts: 808

PostPosted: Wed 24 May 2017, 15:06    Post subject:  Users of – including VLC, Kodi, Popcorn Time - most at risk  

Old attack vectors re-surfacing again?

https://www.theregister.co.uk/2017/05/23/malware_in_subtitles_return/
Back to top
View user's profile Send private message 
6502coder


Joined: 23 Mar 2009
Posts: 367
Location: Western United States

PostPosted: Wed 24 May 2017, 15:56    Post subject:  

This is mind-boggling: getting hijacked via subtitles.

https://thehackernews.com/2017/05/movie-subtitles-malware.html

http://www.zdnet.com/article/bogus-movie-subtitles-could-let-hackers-take-over-your-device-warn-security-researchers/

VLC 2.2.5 incorporates the fix, according to the first article.
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 1967

PostPosted: Wed 24 May 2017, 16:43    Post subject:  

Quote:
As soon as the media player parses those malicious subtitle files before displaying the actual subtitles on your screen, the hackers are granted full control of your computer or Smart TV on which you ran those files.

I run Kodi (and all internet stuff) under a restricted shell/restricted userid. Do you think that is/was sufficient to prevent hackers being granted full control over the PC/linux? i.e. has permissions to view only selected other folders (of which some are the memory based linux files that reflect the main read-only sfs), but no write (other than a few folders for that restricted userid), and at the command prompt level can't even cd i.e. restricted shell.

I'm guessing safe, and that the "hackers are granted full control" should perhaps be "hackers could be granted full control" ???
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0375s ][ Queries: 11 (0.0071s) ][ GZIP on ]