Last Updated: 2007-03-16 22:39:24 UTC
by Swa Frantzen (Version: 3)
Contains just music, right? Well, many will be copyright lawsuits waiting to happen if you let the music industry, but yep, they too can contain scripting. Granted, you might need QuickTime installed to get to it, but most iPod owners will have iTunes, and that comes with QuickTime bundled into it ...
Unfortunately there are many more formats that allow remote code execution by allowing scripting or extensive macro languages.
If there's a lesson to be learned, it might well be that you need to keep looking out for scripting languages, cookies and more, even hidden in places where you might not expect them to creep in.
If you have good workable solutions to prevent scripting in all these media rich formats, let us know.
I thought I had mentioned NoScript, but I seem to have managed to erase it during the final editing. That left the door open for getting a note from Giorgio about his plans with NoScript:
Also, the blocked object display area, if any, is replaced with a clickable placeholder: if you click it you're prompted for convenient/hazardous on-the-fly temporary unblocking.
Swa Frantzen -- NET2S