MS didn't "create yet-another-codec". They followed the herd and developed a container file type like their competitors did. There is no ASF codec. ASF is a container file type that can contain media files, usually WMA and WMV, as well as text, URLs, and images.
There is no ASF codec
Are you so much of a dumbass that you didn't even bother to read the Wikipedia article you linked to?
Just because this is targeted at MS, it does not follow that this is an MS specific flaw. MS is the target of choice because of its installed base. Why work to capture 10% or less of the targets when one can work to capture 80+%?
I disagree. If one practices safe computing, then the fact that the file formats are vulnerable is irrelevant.
One should treat all external data as suspect regardless of supposed content.
Just like in the old days when one treated all floppies as possibly being infected and made sure to remove them from the drive before rebooting.
Also, this issue has nothing to do with DRM. From your own source:
Advanced Systems Format (formerly Advanced Streaming Format, Active Streaming Format) is Microsoft's proprietary digital audio/digital video container format, especially meant for streaming media.
ASF is based on serialized objects which are essentially byte sequences identified by a GUID marker.
The format does not specify how (i.e. with which codec) the video or audio should be encoded; it just specifies the structure of the video/audio stream. This is similar to the function performed by the QuickTime, AVI, or Ogg container formats. One of the objectives of ASF was to support playback from digital media servers, HTTP servers, and local storage devices such as hard disk drives.
The vulnerability of this format is due to it being a serialized object that can contain things other than media files, such as website addresses, as addressed in TFA:
Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources.
The content of the container contains instructions saying a new codec is needed and links to a trojan site. This is a new twist on the standard trojan tactic, which is to get the target to download and execute a file which seems safe but is actually malicious.
Trying to throw this on DRM is a red herring and dishonest. It also shows your lack of knowledge and experience and your bias.
Really, this should not surprise anyone. When one uses a service to do what is, basically, illegal, one should not be surprised if others use the same service to do something illegal.
One should not be downloading things, especially things that are copyrighted and executables, from P2P networks.
With the correct technical solution, this is information that is not important.
The proper technical solution results in nuclear waste disposal being a non-issue.
A solution such as burying it deep in a subduction zone, or in the abyssal plain. Both of which are places where no one has to worry about it now or in the future.
While that is true, a private company would not want the situation to be publicly known. The bad publicity from both the incident and the resulting fallout would be worse for the company than simply paying for the passwords.
Guts? Try foolishness. He might get away with it in a private company, may even have done it in the past.
But, the government is a whole different ballgame. The government can arrest you and put you in prison. In fact, if a judge ordered him to provide the passwords and he refused, he could be found in contempt of court and jailed until he complied.
No, fucking with the government in this manner is not gutsy, it is stupid and shortsighted.
Lack of evidence for something is not proof against something.
It may happen (much) more often than we hear about because of the bad PR for the company. Would you want to do business with a company whose data was held ransom by an (ex-)employee?
Not them, and that is a good enough reason.
No, dumbass. He is still a criminal. He is also unethical.
The fact that you can't see that means you are unethical as well.
It doesn't contain an executable nugget. Maybe you should go back and read the article and then the definition of the format.
Try reading the article and the Wikipedia page on ASF.
That still doesn't make the comment flamebait.
One may want to look into other container formats:
The format does not specify how (i.e. with which codec) the video or audio should be encoded; it just specifies the structure of the video/audio stream. This is similar to the function performed by the QuickTime, AVI, or Ogg container formats. They may also be vulnerable to a similar attack.
Excuse me, I guess I should have put:
One should not be downloading things, especially things that are copyrighted and/or executable, from P2P networks.
Is that better?
It is not flamebait, you fucking dumbasses. It is the truth.
Or, we could just aim the rocket at Sol.
But, what happens if the rocket fails during launch? We will need better payload containment in the case of launch failure.
So, we are recycling. It's saving the planet.
Hmm, if we are anything to judge by it will be:
Hey, the ancients wanted to keep people away from here. There must be buried treasure!
What part of
The machines will sit, unpowered, until needed, then powered up.
did you not understand?
You forgot the hookers.
Now, kids, go out and play in the fresh air, which contains cancer-causing chemicals, and the sunshine, which causes skin cancer.
Hey, just bein' honest.
Yeah, because "GNU, Debian and other community efforts" are so well known for well defined standards.
Your privacy is invading our public.
Answer me the same question for deserters.
Besides, he is a politician. His word is worthless.
Hope is the first step on the road to disappointment.
The problem is that there is so much stuff in perpetual beta. "Beta" is the new V1.0.
Too many people think that "Beta" means it is ready for general use and just needs feature enhancement.