Online Videos May Conduct Viruses

Technical Writing Geek writes "A report on threats via the Internet released by a Georgia Tech research center indicates online video may be a new avenue of attack. As the popularity of flash media continues to explode, hackers may be targeting embedded video players and more traditional video downloads with worms and virii. 'One worm discovered in November 2006 launches a corrupt Web site without prompting after a user opens a media file in a player. Another program silently installs spyware when a video file is opened. Attackers have also tried to spread fake video links via postings on YouTube ... Another soft spot involves social networking sites, blogs and wikis. These community-focused sites, which are driving the next generation of Web applications, are also becoming one of the juiciest targets for malicious hackers.'"

They don't have to be

[XanC]

What's wrong with posting MPG files for people to download? Every site these days is Flash video, or insists and assumes you're running a Web browser, wrapping their video file in Flash controls and burying the actual URL to the actual file people want to see under a dozen redirects.

All I want is the URL so I can play it with mplayer. I have no intention of putting Flash on my machine. Is that so danged difficult??

Re:They don't have to be

[kebes]

All I want is the URL so I can play it with mplayer. I have no intention of putting Flash on my machine. Is that so danged difficult??

Actually it would be much, much easier to design a system that just exposed the URL for a standard video file. The user/browser could then either download it, or have a plugin that buffers and displays it inside the browser. This eliminates all kinds of problems both for the web developers and the user.

But, of course, the real reason for using Flash-based players is that it acts as a weak form of DRM. The intention is to force the user to watch the video only at the site (with ads, etc.), and to not allow the user to take the video, transfer it elsewhere (e.g. iPod), edit out commercials, redistribute it, etc.

Of course, we all know that it is possible to write a script that extracts the video... but it becomes a tiresome arms race. This is just another example of the fundamental tradeoff between the notion of "convenience" (for the user) and "control" (for the distributor). The user wants freedom. The distributor wants DRM.

Why should Flash have any kind of write access???

[G4from128k]

Why in the world should the Flash player have any kind of access/execution/write privileges on the browser's machine? I can understand that the player needs to be able to execute some form of code to create interactivity, but shouldn't this be so totally sandboxed that presents a minimal threat to the user or the OS.

This just confirms my opinion that Flash is an evil cancer on the web designed to move control of the web experience from the person browsing to the Flash author (who maybe a botnet builder).