Multiple FLAC Vulnerabilities Affect Every OS
safan80
11-19-2007, 06:54 PM
http://it.slashdot.org/article.pl?sid=07/11/20/0137240&threshold=-1
eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors
Kobalt
11-19-2007, 06:57 PM
*Looks at hard drive with 50gb of FLAC files*
Richard Dower
11-19-2007, 07:05 PM
What can we do to minimize any potential attacks?
Baenwort
11-19-2007, 08:24 PM
Don't hang out with Strange FLACs??? ;)
Only play with your own FLACs, not with others? 8)
CJ145
11-19-2007, 08:57 PM
Most of these bugs have already been fixed. FUD ftl.
http://flac.sourceforge.net/
Read the past 3 change logs.
`danny
11-19-2007, 09:02 PM
Good thing I use Apple lossless :)
szukalski
11-19-2007, 09:14 PM
^^ I'd rather not use anything Apple.. or Sony..
STEvil
11-19-2007, 10:14 PM
Most of these bugs have already been fixed. FUD ftl.
http://flac.sourceforge.net/
Read the past 3 change logs.
Quote ftw.
xlink
11-19-2007, 10:19 PM
Good thing I use Apple lossless :)
if you're using anything apple, you've already lost something
be it your soul, your mind, your dignity, or your wallet.
Leora
11-19-2007, 10:38 PM
if you're using anything apple, you've already lost something
be it your soul, your mind, your dignity, or your wallet.
;) No comment.
Seems like these "vulnerabilities" are becoming more and more frequent, whether in the context of apps/programs or Operating Systems. The word "security" in the IT world now is simply a mere illusion to coax people into a sense of complacency and safety. :rolleyes:
yonton228
11-19-2007, 10:45 PM
Seems like these "vulnerabilities" are becoming more and more frequent, whether in the context of apps/programs or Operating Systems. The word "security" in the IT world now is simply a mere illusion to coax people into a sense of complacency and safety.
Well someone had to build "it" ("it" being a general term for a product) so if someone built "it" someone else will find its weakness. Take my system for example. I run XP, a software firewall (which has both AV and AS). I also run a separate AV and AS program. I hide behind a hardware router flashed with a third party firmware.
So in this take, there is no illusion. However some people have to realize that you need layers of protection, it's the only way. Hell if someone really wanted to get into my system they could, hell people hack into the NSA, CIA, FBI etc etc etc... Just gotta do the best that you can and be smart with what you are doing.
Back to the OP. Meh, I am not worried. LOL
**Edit** "You are only as secure as you make yourself"
-yonton228/timmy
Leora
11-19-2007, 11:00 PM
**Edit** "You are only as secure as you make yourself"
And even then you're not 100% foolproof regardless of what AV/AS/Firewall you are running. Hence security in that frame of reference is somewhat of an "illusion" because you "think" your system is safe when in reality, it is susceptible to compromise however many layers of protection you have in place.
yonton228
11-19-2007, 11:12 PM
And even then you're not 100% foolproof regardless of what AV/AS/Firewall you are running. Hence security in that frame of reference is somewhat of an "illusion" because you "think" your system is safe when in reality, it is susceptible to compromise however many layers of protection you have in place.
I don't want to derail the thread too much, however I think we are both "correct." My point was (and I am pretty sure you understood it) you have to do the best that you can to protect yourself. However in the end, it comes down to the user and what they do that really matters most. Take for example a post in the Network/security section:
I've been downloading some cracks lately and I opened up an exe program and nothing happened but now my task manager (ctrl+alt+del) is disabled by administrator. Also I just want to be protected against spyware and botnets
This user dl'ed something, and ran it....if you are not careful this can and will happen. So in the end, I will restate. I think we are both "correct" however we can both point out the "flaws" in each other's stance on the matter :D
Back to the OP again lol.
Even if these flaws still do exist (which by the change logs some have been fixed) bad things can mostly happen if you get files from "bad" sources. However I know of only a few sources that deal with FLAC in some shape or form. I know for me, I generally buy my music via CD because I like to support the artists I like. And yes, I do mean it. I generally listen to underground hip hop and they don't exactly make a killing. So when I do rip files to FLAC...well I am not concerned about security flaws.
PS: LOL, I just realized that I quoted someone in another thread that both of us have posted in..LOL
-yonton228/timmy
krille
11-19-2007, 11:29 PM
*Looks at hard drive with 50gb of FLAC files*
Make that 500 GiB. :wasntme:
nn_step
11-19-2007, 11:35 PM
I don't want to derail the thread too much, however I think we are both "correct." My point was (and I am pretty sure you understood it) you have to do the best that you can to protect yourself. However in the end, it comes down to the user and what they do that really matters most. Take for example a post in the Network/security section
This user dl'ed something, and ran it....if you are not careful this can and will happen. So in the end, I will restate. I think we are both "correct" however we can both point out the "flaws" in each other's stance on the matter :D
Back to the OP again lol.
Even if these flaws still do exist (which by the change logs some have been fixed) bad things can mostly happen if you get files from "bad" sources. However I know of only a few sources that deal with FLAC in some shape or form. I know for me, I generally buy my music via CD because I like to support the artists I like. And yes, I do mean it. I generally listen to underground hip hop and they don't exactly make a killing. So when I do rip files to FLAC...well I am not concerned about security flaws.
PS: LOL, I just realized that I quoted someone in another thread that both of us have posted in..LOL
-yonton228/timmy
The world's safest computer is encased in concrete and at the bottom of the Mariana Trench and protected by the US military and even then I doubt that it is completely secure :rolleyes:
So please don't debate the issue further because your point and position is completely untenable
strange|ife
11-20-2007, 01:30 AM
never used FLAC files yet, still on good ol mp3
yonton228
11-20-2007, 02:04 AM
never used FLAC files yet, still on good ol mp3
If you are encoding in MP3 rather than dl'ing in MP3 you are missing out.
-yonton228/timmy
stealthbomber
11-20-2007, 05:30 AM
I encode my own FLAC files via EAC using accurate rip verification so not an issue here.
Consumer grade sound cards (i.e. Creative cards) just don't cut it for quality, you need a high quality professional grade card to make the most of FLAC files like an E-MU card (Professional division of Creative), and a high quality amplifier and speakers/headphones.
Those with Creative sound cards hooked up to multimedia monitor speakers playing lossy MP3s don't know what they are missing!
MuffinFlavored
11-20-2007, 05:21 PM
Yeah, the only FLACs I ever dealt with were from a Norah Jones album.
Other than that, crap quality 128kbps MP3s for me.
`danny
11-20-2007, 09:13 PM
if you're using anything apple, you've already lost something
be it your soul, your mind, your dignity, or your wallet.
Hey I can't lie I love my iPod + iTunes, if you can find a music program like iTunes but better I'll go FLAC :)
Kobalt
11-20-2007, 09:18 PM
I encode my own FLAC files via EAC using accurate rip verification so not an issue here.
Consumer grade sound cards (i.e. Creative cards) just don't cut it for quality, you need a high quality professional grade card to make the most of FLAC files like an E-MU card (Professional division of Creative), and a high quality amplifier and speakers/headphones.
Those with Creative sound cards hooked up to multimedia monitor speakers playing lossy MP3s don't know what they are missing!
QFT
My audio setup is in my sig ;).
strange|ife
11-21-2007, 04:43 AM
Well, all I really download are DJ sets, and most aren't in FLAC, although gridlok put a FLAC out a while back that sounded great. It was a large file though, a good 2 hour mix.
I don't own a Zune or iPod yet, although I plan to get a Zune, I think, to hook up with a dash MFD kit for my Prius, just money is tighttttttt :mad: