Slashdot Mirror

← Back to Stories (view on slashdot.org)

Instant Messaging Vulnerable To New Smiley Attacks

Posted by timothy on from the clever-really dept.

titus writes "Security researchers Yoann Guillot and Julien Tinnes have found a way to encode malicious code into smileys and provided a proof of concept encoder to automate the process. The researchers said their discovery paves the way for IM malware that would be impossible to detect since the malicious code would be 'indistinguishable from genuine chat messages.' I've tested the proof of concept code which works very well. Time to panic?"

10 of 170 comments (clear)

  1. In the spirit by tsstahl · · Score: 2, Insightful

    For the love of all that's decent, make it stop!

    Publishing these holes only encourages further malicious activity!

  2. Stop. Really, just stop by arkham6 · · Score: 4, Insightful

    Please? OK? One or two stories is acceptable, even if they are not funny. Multiple stories each year is just annoying.

    1. Re:Stop. Really, just stop by MobileTatsu-NJG · · Score: 5, Insightful

      Flamebait??? He's spot on. Mod him "goddamn right!"

      Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH. Your problem's between the chair and the keyboard.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    2. Re:Stop. Really, just stop by bitt3n · · Score: 3, Insightful

      the real amusement here is watching all the hissy fits these joke articles cause by momentarily interrupting weighty discussions on the legal implications of copyrighting a cloud pattern, or whether Steve Jobs should pop that zit on his chin.

      --
      how many pairs of boxer shorts should you own?
    3. Re:Stop. Really, just stop by Anonymous Coward · · Score: 2, Insightful

      Slashdot is operational 364 days a year. One day of silliness and it's BITCHBITCHBITCHBITCHBITCH.

      In other words, no different than the other 364 days.

  3. My favorite holiday by Weaselmancer · · Score: 3, Insightful

    "Slashdot Is Broken Day!"

    Oh please, please someone post a release date for Duke Nukem Forever! Or a story about how Microsoft is publishing their source code base under the GPL.

    IT'S NOT TIRED AND BORING AT ALL.

    --
    Weaselmancer
    rediculous.
  4. Bugtraq by just_another_sean · · Score: 3, Insightful

    I received this in a bugtraq message earlier and just ignored it, thinking huh, I should read that later. Having read it here I went back and checked it out in full. Did anyone actually run the Ruby code attached to the blog/bugtraq?

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
  5. The problem with /. April fool's... by PinkyDead · · Score: 5, Insightful

    ...is that some of the real stories are less plausible.

    --
    Genesis 1:32 And God typed :wq!
  6. Dammit by nog_lorp · · Score: 2, Insightful

    I stared at the PoC and the outputs wondering how the fuck they thought this was supposed to actually be run by the target, before remembering what day it was.

  7. Re:Geek License Revocation. by fractoid · · Score: 2, Insightful

    Fork bomb? I thought it was a smiley threesome.

    Then all of the participants had lots of kids. Lots and lots and lots of kids.

    --
    Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.