1,000 Second Life Videos Added - SLPopularPlaces.Com

Thanks for wishing me luck with the site. Good luck in your ventures too.



I know, I used that search term when you first brought the issue up. I asked you to cite an article that supported your claims not a search query that didn't.

You have made alot of claims, and I asked you to back-up your claims with a reputable 3rd party article (such as the one I quoted from a leading anti-virus company that said your theory of a MP3 virus was a hoax).



I never said anything close to that.




Are you advocating not updating your software? What exactally are you advocating anyway, thats what I don't get.

Plus, yes it will offer you protection, there are a number of exploits which are rendered in effective by updating your software (quicktime and others).



A virus which hides it's signature in a jpeg file does not mean you can get a virus from viewing a jpeg file. If you have a credible source that disagrees please cite it.



Are you disagreeing with my assertion that you cannot get a virus from watching a FLV file which Youtube uses? It sounds like it.. If you are disagreeing please cite a reputable article from a 3rd party to back up your claims.



I don't, nor am I you. I just don't think you are correct about most of the things you have mentioned nor do I think you have provided reasonable evidence that youtube is somehow unsafe.

Tell me how someone can get a virus from viewing a video on youtube..

This is my last post on this... I have stressed over and over, that 90+% of media in whatever format you wish to quote uses the jpg compression routines.. sooooo.. simply watching a media file that uses those jpg compression routines, which has even a single frame containing a code that would/could/does initiate the introduction of maleware onto your system.

If the media that was uploaded onto the YouTube servers in whatever format it accepts, contained an infection, the conversion to flv will not mean by any means, that it is safe.
LimeWire and other P2P services also spead maleware of many genures...

IF... you get a buffer overload warning when you try load a media file in QuickTime via a url.. go here and run this programme on your system FOLLOW THE INSTRUCTIONS. Even if you don't get this message from Quicktime, still run this programme as the media related virus's can mutate.

http://forums.techguy.org/windows-nt-2000-xp/515576-help-iesecure-maleware-threats-constint.html

http://www.us-cert.gov/cas/alerts/SA07-193A.html

http://www.scmagazine.com/us/alerts/featuredarticles/40069/hot-not-local-buffer-overflow-vulnerabilities

http://osdir.com/ml/security.ids.snort.bleedingsnort/2006-12/msg00024.html

http://www.microsoft.com/technet/security/Bulletin/ms06-020.mspx

http://www.adobe.com/devnet/security/security_zone/apsb06-03.html

http://www.adobe.com/devnet/security/security_zone/mpsb05-07.html

http://software.silicon.com/malware/0,3800003100,39164505,00.htm

http://threatcenter.blogspot.com/2007/03/quicktime-security-fixes.html



I'm not spending anymore time on this, it's your system, your life, your time, educate yourself.

URL #1: Link to anti-virus software, thanks.

URL #2: Is a forum, not an article or anything, just the homepage of a forum.

URL #3: "Apple Releases Security Updates for QuickTime" - I said article proving your point, not an article that proves mine about having your software updated.

URL #4: "Hot or not: Local buffer overflow vulnerabilities" - "Just last month, Microsoft released a relatively rare out-of-band patch to protect users from potentially active zero-day attacks against the way Windows handled cursors, animated cursors and icon formats." - Again proves my point about making sure you have the latest upgraded software.

URL #5: This isn't really an article about Quicktime, it mentions something about "BLEEDING-EDGE EXPLOIT Quicktime .mov File Requested" but it does not give any more information.

URL #6: "Vulnerable versions of Macromedia Flash Player from Adobe are included with Windows XP, Windows XP Professional x64 Edition, and Internet Explorer 6 Service Pack 1 when installed on Windows ME, Windows 98, and Windows 98 Second Edition. " -- Again, update that software and no threat!

URL #7: "APSB06-03 Flash Player Update to Address Security Vulnerabilities" - How many times are you going to prove my point about having software upgraded? You cite yet another article that does just that.

URL #8: "MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability" - "The current version of Macromedia Flash Player (8.0.22.0) contains a fix for the vulnerability. "
-- Again proves my point about making sure you have the software upgraded.

URL: #9: "Hackers coveting online video - McAfee" -- Somone trying to play online-psychic, the article speaks of no specific threat, just speculation on what someone may want to do in the future, weak speculation at that.

URL #10: "Apple has released updates to its QuickTime software that include security fixes for both the Windows and Mac versions." - Again proving my point.

I have read every cited URL. You only served to prove my point about keeping your software up to date.

You did not provide an article that supported your theory you can get a virus by simply viewing a JPEG. You also did not provide any evidence to support the theory you can get a virus by watching youtube. You provided only evidence which proves my point, not yours.



I'm trying, but if "educate yourself" means take whatever you say at face value although all evidence in the world contradicts it I'm afraid I can't.



I know you have stressed this point. I simply don't believe you though. So I will require a reputable 3rd party article to confirm what you say in the paragraph above. As of yet you have not been able to provide such verification. I've acknowledged potential vunerabilities in the Quicktime player which have some exploits (which upgrading your software WILL help), we are talking about getting a virus by watching a streaming video on youtube, provide evidence that can be done.

Are you as sure about this as you were about the MP3 virus which I have provided evidence was a hoax? I think you are sincere in your beliefs, however I do believe that you may have read one too many virus hoax letters and took them to heart.

Ok.. you have drawn me in to make another post due to your very very selective reading and lack on knowledge. The security issues have been around for years, but now they are on the increase. If you had followed the history of events, then you would know that both QuickTime, Microsoft and Adobe (flash) have been issuing updates to try and stem the tide. The excerts below state the problems, and according to you, US Goverment, Adobe, Microsoft, Apple and Specialist technitions are all lying and paranoid! BTW, It is quoted that midi and other sound forms are all vulnerable.. and these are converted into MP3's when compressions are applied with movie files, you will also notice quotes from Apple regarding picture files.. again changed into JPG's when compression added.


http://threatcenter.blogspot.com/2007/03/quicktime-security-fixes.html
Tuesday, March 6, 2007
QuickTime Security Fixes
Apple has released updates to its QuickTime software that include security fixes for both the Windows and Mac versions. We consider this critical as the number of people running QuickTime software is large. Here's a summary of the issues (full details can be found on Apple's site):
Viewing a maliciously-crafted 3GP file may lead to an application crash or arbitrary code execution (OS: Windows Vista/XP/2000)
Viewing a maliciously-crafted MIDI file may lead to an application crash or arbitrary code execution (OS: Mac OS X and Windows Vista/XP/2000)
Viewing a maliciously-crafted Quicktime movie file may lead to an application crash or arbitrary code execution (OS: Mac OS X and Windows Vista/XP/2000)
Viewing a maliciously-crafted PICT file may lead to an application crash or arbitrary code execution (OS: Mac OS X and Windows Vista/XP/2000)
Opening a maliciously-crafted QTIF file may lead to an application crash or arbitrary code execution (OS: Mac OS X and Windows Vista/XP/2000)
----------------------------------
http://threatcenter.blogspot.com/2007/07/adobe-flash-browser-plugin-high-risk.html

Tuesday, July 17, 2007
Adobe Flash Browser Plugin High Risk Vulnerability
Yesterday, Adobe announced a vulnerability in its flash player that could be exploited to run arbitrary code. This vulnerability is cross browser and cross platform and the vulnerable software is installed by default on all recent copies of Windows and OS X.
All users who allow flash content in their browsers are at risk.
This morning we saw the first proof-of-concept exploit, which we fully expect to be the tip of the iceberg. Its likely that we'll see mass exploitation in the next few days..
To protect yourself, the best thing to do is to upgrade your flash plugin to 9.0.47.0 or later. If you use FireFox, the NoScript plugin will prevent flash content from running unless you specifically trust the source or grant it temporary permission. NoScript can be annoying, but its an extremely valuable tool in combatting malicious websites.
And, of course, make sure you're running gateway and desktop antivirus and intrusion prevention products that are up-to-date.
We'll keep you posted as we see more.
------------------------------------------
http://threatcenter.blogspot.com/2007/07/threat-level-raised.html
Tuesday, July 17, 2007
Threat Level Raised
We're raising the threat level in response to the Adobe vulnerability. At this point, the Threat Level is in a cautionary area. We'll raise it again if we start seeing wide-spread exploitation.
-------------------------------------
http://software.silicon.com/malware/0,3800003100,39164505,00.htm
Hackers coveting online video - McAfee
Media malware is next big thing...
Tags: video-sharing, video sharing, video, mcafee
By Tom Espiner
Published: Monday 4 December 2006
Show related
articlesSecurity vendor McAfee has predicted the increasing popularity of video on the web will make it a future target for hackers.
The use of video formats on social-networking sites will attract malware writers, the company claims. As people become more reluctant to open email attachments from anonymous sources, hackers will target users who open media files instead.
The functionality of online video, which includes pop-up ads and URL redirects, will become "ideal tools of destruction for malware writers", McAfee claimed in a statement. It said: "As video-sharing networks on the web proliferate, the potential capture of a large audience will incite malware writers to exploit these channels for monetary gain.
"In combination, these issues make malicious coders likely to achieve a high degree of effectiveness with media malware."
The so-called W32/Realor worm, discovered in early November 2006, launches malicious websites without user interaction, potentially exposing users to pass-capture malware on the sites. The so-called Exploit-WinAmpPLS installs spyware but requires user interaction.
McAfee anticipates that businesses will prefer users not to download video onto work PCs.
McAfee security analyst Greg Day said: "A lot of companies currently have verbal policies [prohibiting video downloads]. We expect more formal enforcement to come into place."
Tom Espiner writes for ZDNet UK
---------------------------------
http://www.adobe.com/devnet/security/security_zone/mpsb05-07.html
Security Bulletin
MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability
Summary A vulnerability in Macromedia Flash Player 7 has been identified that could allow the execution of arbitrary code.
SolutionThe current version of Macromedia Flash Player (8.0.22.0) contains a fix for the vulnerability. Users who have already upgraded to Flash Player 8 are not affected by this issue. Macromedia recommends all Flash Player 7 and earlier users upgrade to this new version, which can be downloaded from the Macromedia Player Download Center. Updated versions of Flash Player 7 for Linux and Solaris, which contain a fix for the vulnerability, are also available from the Macromedia Player Download Center. For customers with operating systems that do not support Flash Player 8 (Microsoft Windows 95, Microsoft Windows NT, or classic Macintosh operating systems), please refer to the Flash Player 7 update TechNote.
Affected Software VersionsFlash Player 7.0.53.0 and earlier
Severity RatingMacromedia categorizes this as a critical update and recommends affected users update to Flash Player 8.
DetailsFlash Player 8 (8.0.22.0) and Flash Player 7 update (7.0.61.0 or 7.0.60.0) address a security vulnerability in previous versions of Flash Player, which could lead to the potential execution of arbitrary code.
There was a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, thus leaving open the possibility that a third party could inject unauthorized code that would have been executed by Flash Player.
AcknowledgementsMacromedia would like to thank eEye Digital Security and Sec Consult for reporting these vulnerabilities and for working with us to help protect our customers' security.
-----------------------------
http://www.adobe.com/devnet/security/security_zone/apsb06-03.html
APSB06-03 Flash Player Update to Address Security Vulnerabilities
Originally posted: March 14, 2006
CVE IdentifierCVE-2006-0024
Summary Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.
SolutionAdobe recommends all Flash Player 8.0.22.0 and earlier users upgrade to the new version 8.0.24.0, which can be downloaded from the Player Download Center. For customers that cannot upgrade to Flash Player 8, please refer to the Flash Player 7 update TechNote.
Adobe provides a free license for redistributing Flash Player on company intranets, or with software product or services. For more information and to apply for a license, use the online application.
May 9, 2006 Update
For Windows users who currently have Flash Player 6.0.79 or earlier installed on Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, or Windows Millennium Edition, Microsoft is providing an updated Flash Player 6 (6.0.84.0) through Windows Update. For more information, see Microsoft Security Bulletin MS06-020.
If you are unable to follow Adobe’s guidance or cannot move to a more recent version of Flash Player, please contact the Adobe Security Team at [email=PSIRT@adobe.com]PSIRT@adobe.com[/email] for guidance around this update.
Adobe recommends Breeze customers upgrade to Breeze Meeting Add-In version 5.1 SP1, which can be downloaded via the following links:
Breeze Meeting Add-In Version 5.1 SP1 for Windows
Breeze Meeting Add-In Version 5.1 SP1 for Macintosh OS X
Shockwave Player includes the Flash Asset Xtra. Adobe recommends Shockwave Player customers upgrade to Shockwave Player 10.1.1, which updates the Flash Asset Xtra version number to 8.0.24.0.
Affected Software Versions Flash Player versions 8.0.22.0 and earlier
To verify the Flash Player version number, access the About Flash Player page, or right-click on Flash content and select About Macromedia Flash Player from the menu. If you use multiple browsers, perform the check, and the installation for each browser.
Breeze Meeting Add-In Version 5.1 and earlier
To verify the Breeze Meeting Add-In version number, enter a meeting room and select Help>About Breeze Meeting.
Shockwave Player version 10.1.0.11 and earlier
To verify the Shockwave Player version number, access the Test Shockwave Player page.
Flash Debug Player version 7.0.14.0 and earlier
To verify the Flash Player version number, access the About Flash Player page , or right-click on Flash content and select About Macromedia Flash Player from the menu. If you use multiple browsers, perform the check, and the installation for each browser.
Severity RatingAdobe categorizes this as a critical update and recommends affected users update to Flash Player 8.0.24.0.
DetailsFlash Player 8 update (8.0.24.0), and Flash Player 7 update (7.0.63.0) address security vulnerabilities in previous versions of Flash Player, which could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player. Updated versions of Flash Player 7 for Linux and Solaris, which contain fixes for these vulnerabilities, are also available from the Adobe Player Download Center.
--------------------------------------
http://www.microsoft.com/technet/security/Bulletin/ms06-020.mspx
Microsoft Security Bulletin MS06-020
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
Published: May 9, 2006 | Updated: November 15, 2006
Version: 1.1
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None.
Caveats: This bulletin is for customers using Macromedia Flash Player from Adobe version 6 or earlier. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.
Vulnerable versions of Macromedia Flash Player from Adobe are included with Windows XP, Windows XP Professional x64 Edition, and Internet Explorer 6 Service Pack 1 when installed on Windows ME, Windows 98, and Windows 98 Second Edition. Other versions of Windows are not affected or not supported by this security update. Customers with Flash Player installed on other versions of the operating system or customers who have upgraded to Flash Player 7 or higher are encouraged to follow the guidance in the Adobe Security Bulletin APSB06-03.
Microsoft Knowledge Base Article 913433 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 913433.
--------------------------------
http://www.scmagazine.com/us/alerts/featuredarticles/40069/hot-not-local-buffer-overflow-vulnerabilities
Buffer overflow vulnerabilities have plagued IT security professionals for some time, and some of the most notorious worms -- including Code Red, MSBlaster, SQL Slammer, and the infamous Morris worm that struck in 1988 -- all were made possible by buffer overflows.
These flaws arise in software when developers fail to properly put in place checks for strings that are placed in memory. Without such checks, attackers can send data to the buffer that goes beyond the intended buffer length and causes instability. The extra data then can overwrite nearby memory locations, which can be program data, variables, and other memory buffers. Attackers also can insert malicious applications into the system. That's why buffer overflows are so sought after by attackers. An application with a buffer overflow error vulnerability can be used to crash the application, produce false results, and enable the attacker to gain access to system resources, install malware, spyware, viruses, trojans, pop-up ads and even clandestinely steal information.
For many years, local vulnerabilities were considered to be less critical than remotely exploitable vulnerabilities. That's because local vulnerabilities often require the end user or system to take some type of action to be successfully compromised. But today, with nearly every computing device connected and interacting with the internet, it's much easier to entice users to fall victim. They can be attacked via websites, email attachments, and instant messaging file exchanges. And the problem means that common file formats, such as all Microsoft Office applications, Adobe PDF files, and other near ubiquitous formats, including those of many image and video files, can be used by attackers. This also presents a clear danger from core operating system components, as witnessed by the recent animated cursor and help file vulnerabilities.
One hope for a long-term solution is the No Execute, or NX technology, being built into Intel and AMD processors and the Windows operating system. But only time will tell if this technology can eradicate one of the longest standing and easily exploitable classes of vulnerabilities.
-Amol Sarwate is director of Qualys' vulnerability research lab.
-------------------------------
http://www.us-cert.gov/cas/alerts/SA07-193A.html
Description
QuickTime prior to version 7.2 has multiple image and media file handling vulnerabilities that could allow an attacker to run malicious programs on your computer. This could happen by visiting a malicious web site. Upgrading to Apple QuickTime version 7.2 will correct these vulnerabilities.
Note that QuickTime ships with Apple iTunes.
For more technical information, see US-CERT Technical Alert TA07-193A and the Apple QuickTime Security Update.
---------------------------------

Some articles quoted YouTube.. but so I don't get misquoted yet again, perhaps this quote suits you better?

McAfee claimed in a statement. It said: "As video-sharing networks on the web proliferate, the potential capture of a large audience will incite malware writers to exploit these channels for monetary gain."

For the most part, I don't care what you think as you clearly have some notion that all is happy in the garden.. but unless you now wish to call all these people/experts above scaremongers, paranoid, liars etc etc... accept you are wrong. As I stated previously, having the latest updates, simply means that you are covered for the historic vulnerabilities that were know when the patches were written, and this has been going on for some years and is ongoing.

QUOTE: One hope for a long-term solution is the No Execute, or NX technology, being built into Intel and AMD processors and the Windows operating system. But only time will tell if this technology can eradicate one of the longest standing and easily exploitable classes of vulnerabilities.
-Amol Sarwate is director of Qualys' vulnerability research lab. :UNQUOTE

I/We produce media for the internet and SL, we make every frame and the compiled media is screened several times. We also host on our own secure servers. Any media streamed into SL via our servers are shown on the Silver Stream Network which is supplied over SSL's which also incorporate firewalls and virus checkers, in addition, each screen/player is coded for security. We do NOT use any form of public host or file sharing facilities. Despite the vulnerabilities of the players/plugins none of our media can cause the 'exploits' mentioned. SL's cleint uses the QuickTime pluggin and cannot play flash media above version 3.

You guys still reading the information I took time to post for you?

I think this is an important enough issue that it should become sticky.

Combine that with the slurl exploit reported by LL this week... seems like this types of issues are on the up. Although, the slurl exploit is probably because of the reports about millions of dollars being transacted through SL on a weekly basis by a few thousand users, is bound to attract attention.

The information you posted has been addressed already. You haven't provided evidence that is possible to get a virus by viewing a video on Youtube, that was the point you were trying to make correct?

Nor have you provided evidence for your claim that making sure you have all the updated versions of software will provide no help for the things you mentioned.

Fact of the matter is everything you mention involves exploits which can be addressed by upgrading your software, and none of the info you provided offers any indication of getting a virus from Youtube. The only "evidence" you provide are hypothetical situtations that various dummies throughout the internet speculate could happen at some unmentioned point in the future.

You have not provided a single issue that cannot be fixed by making sure all your software is updated. I don't care to debate you on hypothetical issues that may be a problem in the future, I addressed you only because you were wrong and wouldn't let the issue die when I tried to overlook it.

I don't see much point in making inaccurate information/outdated issues a sticky.

If you want to address the SLURL issue feel free to start another thread, my site has nothing to do with it, just like my site has nothing to do with catching viruses by watching videos.

I didn't reply to your last post because you didn't rebut anything or provide anything new, I simply grew tired of refuting the same points. If you go back and look at what you posted and truely feel you provided evidence to support your claim then you are confused.

I'm not even sure what point you are/were trying to make (beyond don't watch youtube or you will get a virus, which you haven't proven), and to be honest I simply don't care what point you were trying to make. You have exhausted me by debating inane points and not even coming out and saying what the point is you are trying to make.

Your posts also offered no advice for anybody, it was only fear mongering (in my thread, in relation to my site), you even tried making the claim that updating your software will do you no good, not only is that not helpful, that is the exact opposite of helpful.

Start a new thread to discuss whatever you like, but leave my threads alone, it hasn't added anything relevant, useful, or accurate.

PS - I visited one of your sites you posted in another thread, my computer locked up and I had to do a cold reboot twice after trying to view a video, fix the real issues with your site before worring about the hypothetical issues with mine.

PPS - If you must reply atleast let it be of an example of someone actually (not hypothetically) getting a virus by *watching a video* on YouTube to prove your point. Aside from that I really don't want do hear it or debate another inane point. -- If you do not have that then why even bring this crap up on my thread to begin with?

I'm thinking your just trying to smear my site/youtube (whilst bragging about your site that crashes IE), I tried to be polite, but your just getting on my nerves honestly.

--

Your last post simply made the *same* points in your previous post, which I had already refuted. Seriously, look at your last post, ask these questions:

1) Did you provide evidence of someone getting a virus by watching a video on YouTube?
Answer: No

2) How many of the points brought up in your last post said something to the effect "This issue is corrected by upgrading to the latest version of:".
Answer: No, you go back and count, how many of your points said that? (alot) And those that didn't come out and say so, it still applies.

Why you insist on debating over something which you can provide absoutely no evidence of is beyond me (other than smear tactic, troll advertising). You also post information that supports my point about upgrading your software and then pretend like it somehow supports your point that you can get a virus by watching a youtube video when it in absoutely no way does.

From your last post:


You post information that supports what I have been saying (update your software) and refutes what you have been saying (ah, that won't help) then come back and say "You guys still reading the information I took time to post for you?" -- Why the heck should I, you obviously haven't read my post where I addressed each and every point. You are also pretending like this information supports your arguement, which it does not, it supports mine.

I have better things to do, post a clear example of someone getting a virus by watching a youtube video, admit you were wrong, or simply go away.

I wish you good luck and have no hard feelings, this debate is simply annoying.

another pissing contest?
This thread should have been closed by now, as it does not contain any useful information.

I agree it contains no useful information. I also tried to let this thread die a month ago, why he brought it back from the grave I do not know. I even let him think he won the debate (in his mind) by simply not responding to him when he reposted the same information ignoring my rebuttal.

Either way, I agree, not only is it unworthy of becoming a sticky, it should be closed.

Geez... you are a VERY selective reader.. despite giving you chapter and verse, you still don't get the point... in fact in your very own words..

'The only "evidence" you provide are hypothetical situtations that various dummies throughout the internet speculate could happen at some unmentioned point in the future.'

Microsoft, Adobe, Apple, US Government and Security labs are all 'dummies'?

In the very links I provided to you so you could educate yourself, YouTube was cited by name.. again you neglected to see that. As for your responce about providing an exact movie that infected my system? Again how niaeve you are, do you seriously think that these exploits announce themselves and give a clear indicator of how they arrived on your system?

My post wasn't aimed at you or the few other people that think everything is good in the garden as long as they install updates. The BEST virus checker commercially available detected only 90% of infections, the remainder only acheived up to 75%. Bearing in mind that virus updates are all Historic.... what are your chances of remaining uninfected? The WHOLE point to my posts was to simply offer information about the currently growing issues, so they can judge for themselves whether the likes of YouTube are a safe place to browse. Personally (and I'm not alone in that judgement) it isn't given the circumstances.

That's the thing about information... it's there to educate yourself.

If you see this post as some sort of 'contest' you are very mistaken, nor is it a place to attempt to 'belittle anyone'. I've seen you refrute every link I provided from knowledgeable resources, as far as I am concerned, they cannot all be wrong. I am not 'proving' anything to you or anyone else, I am simply passing on information from reputeable sources.. see it for what it is.

That's not an example of someone getting a virus by watching a video on youtube. You can dance around the issue all you want, talk in circles, selectively read whatever you want, but you have not proven your case.

What part of this following exerpt from my last message did you not understand:

"PPS - If you must reply atleast let it be of an example of someone actually (not hypothetically) getting a virus by *watching a video* on YouTube to prove your point. "

Either do that or let this thread die, it is nothing but annoying.

Your bias against youtube is evident, I am certain youtube is 10x safer than any site you have.. (no don't address it, I don't care).

Show an example of someone getting a virus watching a youtube video (thus proving you are not stupid/a liar) or simply go away.



Thier speculation is not proof of someone getting a virus by watching a video on youtube.


How about this: You are stupid for thinking you can get a virus by watching a video on youtube. Only a dummy would believe such a thing. If you are not a dummy you are a liar. Now you can refute what I just said by showing an example of someone getting a virus by watching a youtube video. That is the only way you can refute it, do so or admit you were wrong.

I'm not trying to be mean, but you flat-out have to backup your claims or admit you were wrong.



I also never said those sources were wrong, they said either update your software, or they were talking about hypothetical threats. Also none of those threats to the best of my knowledge ever affected youtube.



Funny how you didn't do it on your own thread about your site.. Which is subject to more security threats since your site uses the Quicktime player rather than safer FLV files which youtube uses...

If what you claim were true, then every video in the Second Life world would be a bigger threat than youtube. Can you tell me why you are unconcerned about catching a virus by watching a video in Second Life? Why aren't you warning people against playing videos in Second Life?



The word "Youtube" appeared exactally 1 time in your last post, and it wasn't a quote of any article, you typed it..

---

Your choices of responses:

1) Here is an example of somone getting a virus simply by viewing a youtube video:

2) It appears I was wrong, there doesn't seem to be any examples of someone getting a virus simply by watching a youtube video.

3) Silence..

Make sure your response (or lack thereof) falls into one of those 3 categories.

If what you say is true the internet should be absoutely littered with examples of people getting a virus by simply viewing a youtube video, simply pick one solitary example of such a thing and post it here to prove your point. Lest you accuse me of being selective, I would like to point out I have spent hours searching for an article to prove your point, I have been unable to find a single source backing up what you say.

If you can't find any such example (knowing if it were a real threat, there would be thousands of articles about it) then atleast have the intellectual honesty to admit you were wrong.

I flat-out proved the "MP3 Virus" thing you brought up was a hoax, you lacked the intellectual honesty to even admit you were wrong about that (do that any time you like). You also have been arrogant/rude to everyone that contradicted you or asked you to prove your claims, which is why I am being so blunt now.

Your posts are very rude and belittling, for that alone I am going to report your conduct. If you cannot be constructive and or conduct yourself in a proper manner to other people, you should desist from posting here on OPEN forums.

I don't care about your personal opinions, clearly you do not understand about the mechanics of the exploits or the threats cited by your peers.

Calling me a lair/dummy shows your own mentality and iggnorance, I suspect you are trying to get this thread locked, which is little issue to me, enough people have read the important information.

The sole reason YouTube was mentioned, you have to only look at the title of the thread which YOU made. I have posted consistant relative information about the dangers of reported exploits from creditable sources, you choose to not only ignore those and belittle them but also me.

All my posts were polite as heck until you brought back a month old thread and continued to insist that your claim was correct although you cannot prove it.

YOUR CLAIM THAT YOU CAN GET A VIRUS BY WATCHING A YOUTUBE VIDEO IS A LIE! - I must have asked a dozen times to simply prove your point, you failed.

If you look at your past posts you will see you are the person being rude to anyone that disagrees with you:

"<sigh> There is an old saying 'You can lead a horse to water, but you can't make it drink'.... I would add '.. and some horses you have to explain what water is'..."

"Oh dear... how the fools gather.. The only fool here is yourself."

And heck your VERY LAST POST: "how niaeve you are" (sp)

"That's the thing about information... it's there to educate yourself."

Then you have the nerve to say my posts are rude? Ha! Any objective person can tell I remained polite far longer than you did. You have been a smartarse every opportunity you had, I have been a saint to be as polite as I have for so long.

Thanks for admitting you were wrong about the MP3 Virus Hoax, and this Youtube virus hoax you were trying to convince people of.

I'm glad you have finally admitted you were wrong and you were only slandering my site/youtube with unsubstantiated claims. Since you have failed to prove your claim you admit that by default.

And when you make claims you can't back up which casts my projects in a bad light you are either too arrogant to admit you are wrong or a liar, you can't back up your claim, so objectively one of those are true.

Now learn to prove what you say or not to say it at all to begin with. I'm sure you think this was all worth it. Find another thread to troll, thats all you were doing from the get-go.

Report me for calling you a liar when you are obviously a liar and you have been doing nothing but intentionally instigating it.

PS - You still haven't proved your point, you only proved you get mad when someone forces you to back up your slander..er..claims..

I even told you I wasn't trying to be mean but you are intentionally trying to tick me off, you know it is infuriating when I ask 12 times for 1 question to get answered and you refuse to do it. I asked you not to even post unless you can prove your claim, your refusal to honor that simply constitutes trolling.

I didn't belittle your sources, I simply showed that they virtually all refered to a fix/patch for the problem it mentioned and that they didn't support the notion of getting a virus by watching a youtube video. You simply dislike that and don't want to acknowledge it.

Youtube is not mentioned in the title of this thread. You did not post consistant relative information about the dangers or reported exploits THAT AFFECT YOUTUBE. You posted exploits relating to EVERYTHING BUT.

Nothing in the things you cited showed an example of someone getting a virus by watching a youtube video. NOTHING.

One solitary example can prove your point, but you refuse to provide it because you can't, because it does not exist. Instead of admit that you want to pretend you proved your point when you did not. You still refuse to acknowledge the "MP3 Virus" you mentioned was a hoax dispite the fact I proved it was, I'll do so again:



Please point me to the SINGLE ARTICLE one more time that described someone getting a virus from watching a video on youtube (for the 15th time?).. Just one..

The fact that you have NEVER provided that and NEVER will proves that you were either lying all along or simply too arrogant to admit you were wrong.

When I said you were a liar it was simply an attempt to get you to back up your claim because you have stubbornly refused to do so. Instead of prove your claim thus proving you are not a liar you get mad about me pointing out the obvious.

Ignore that point and go ahead and post something pointless though, you have every other time..

So far all you have shown is that you know it all, but can't prove a single thing.

MP3 Exploit

http://www.scmagazineus.com/Talking-trojan-warns-users-of-infection/article/35196/

Willy Leichter, director of product marketing at Tumbleweed Communications, a Redwood City, Calif.-based messaging security vendor, told SCMagazine.com today that the hacker responsible for creating this trojan could be showing off the technique for future for-profit use.

"There is still an element out there of the stereotypical hacker in a dark room trying to show the world just how smart he is. But that’s probably more the exception than the rule nowadays," he said. "Playing with audio is something we’ve been worried about. There are any number of ways that you can embed viruses in MP3 files. Maybe they’ll find a way to exploit YouTube."

-------------------------------------
YouTube

http://www.scmagazineus.com/Social-networking-threats/email/34246/
Social networking threats
Justin Bingham, CTO and co-founder, IntrusicDecember 13 2006
As users have flocked to social networking sites, it was only a matter of time before the interest of the hacker community was piqued. Sites such as MySpace and YouTube have skyrocketed in popularity and tout visitor numbers in the millions. In the past year alone, MySpace visitors have been the repeated target of attacks, falling prey to everything from cross-site scripting to phishing. YouTube has also contributed, as codecs loaded with keyloggers and spyware variants have begun to accompany videos posted on their site.


http://www.scmagazineus.com/Tackling-the-security-issues-of-Web-20/print/35609/


<< Return to Tackling the security issues of Web 2.0
Tackling the security issues of Web 2.0
Yuval Ben-Itzhak, CTO, FinjanSeptember 10 2007
Web 2.0 has become a popular term over the past 12 to 18 months to describe the second generation of community-based internet services. Before Web 2.0, website owners drove traffic to their sites by creating content aimed at attracting large numbers of visitors.

In the Web 2.0 world, the web serves as an online platform for people to create, collaborate and share their own content – which may be blogs, wikis, videos or photos.

The idea is to make this platform as user-friendly and accessible as possible, so that people will visit often to post and view content. Popular social networking sites, such as MySpace.com, or video sharing sites, such as YouTube, are prime examples of Web 2.0.

While Web 2.0 offers many advantages in terms of enriching the internet, improving the user experience and creating web-based communities, it also opens the door to new propagation methods for malicious code.

Web 2.0 security vulnerabilities

Since Web 2.0 platforms enable anyone to upload content, these sites are easily susceptible to hackers wishing to upload malicious content. Once the malicious content has been uploaded, innocent visitors to these sites can also be infected, and the site owners could be potentially responsible for damages incurred. From a technical standpoint as well, Web 2.0 sites are more prone to attack since they have more interactions with the browser and require running complex Javascript code on user machines. What makes matters worse is that the vast majority of these sites (e.g., Wikipedia, MySpace, Flickr) are considered “trusted” by URL filtering and categorization products, and as such will probably not be blocked despite the fact that they might contain malicious code.

Most enterprises do not normally block users from visiting Web 2.0 sites, which could become an IT security risk. Web 2.0 sites harboring malicious code raise a plethora of issues for enterprises: internal and external security; legal liability (direct, indirect and consequential); and regulatory compliance issues.

The use of a Web 2.0 platform for malicious purposes was discovered on a known U.S.-based website offering art directory services in April 2007 by Finjan's Malicious Code Research Center. The malicious code on this site was obfuscated to enable it to bypass anti-virus solutions. It exploits various browser vulnerabilities and uses AJAX technology to download and execute a potentially malicious trojan from a remote server. Simply by visiting this page, without taking any action, the visitor's machine is infected.


In the last couple of years, the web has moved from a collection of static pages to a more interactive and dynamic environment. This shift has been heralded as Web 2.0 and has given more users more power. No longer is the web a place where only technical folks can produce content. Instead, with the click of a button non-technical users from children to seniors are able to upload information to personal or corporate sites, produce interactive pages or share content. Popular dynamic sites such as YouTube, MySpace and Flickr are the poster children for this new web world.

In addition to structural security flaws, there are also user threats including the loading of malicious content. Sites that encourage end user postings typically have no way to stop the uploading of content that might distribute malicious code to other site visitors. In similar ways, other user-driven web sites, including blogs, podcasts and social networking sites, are prone to both security and privacy issues. While it seems as though democracy has come to the Internet, more freedom means increased potential for abuse and errors.

As in our car example, the new features create new avenues for exploit. The majority of Web 1.0 users interacted with single functions on single pages. Now AJAX programming allows any given page to have dozens of features and functions, running independently as well as interacting with each other. This means a fragmentation in communication and the possibility that web application vulnerabilities that have been around for years might increase exponentially. The most common vulnerabilities include SQL injection, cross site scripting (XSS), buffer and SOAP overflow and XML attacks.

The dependence on technology means the new vulnerabilities brought by Web 2.0 are inevitable. Back in the old days of the web—even three or four years ago—users could boost security levels by turning off JavaScript. Doing so now would all but render the website useless. In effect, the user would be disabling the exact tools that make the web useful and efficient.


http://www.usfk.mil/usfk/bell-sends/5_11_07_27%20-%2007%20Restricted%20Access%20to%20Internet%20Entertainment%20Sites%20Across%20DoD%20Networks.pdf

Surprisingly, of all the decisions the Department of Defense had to make in recent years, I bet you this one ranked right up there.

On Friday, Gen. B.B. Bell issued a memo detailing restrictions to 13 social networking or file-sharing sites on the internet, including enormously popular MySpace and YouTube.

Bell says the sites pose bandwidth problems and a “significant operational security challenge.”

To the IT security observer, this should come as no surprise. As incidents of bogged-down networks, web 2.0 identity theft scams and malware, and the posting of possibly sensitive information to these social networking sites become more pronounced, organizations across the globe will be cutting access to these hot web destinations in the same way they’ve banned traffic to porn sites in the past.

http://newsteam.scmagazineblogs.com/2007/05/07/dont-forget-about-web-01-19/

Everybody and their mother is going ga-ga over the inherent vulnerabilities of Web 2.0 - sites such as MySpace and YouTube - but when it comes to the insecurity of today’s web, just about every website is susceptible to attack.

------------------------------------------------------------------

Seeing as you didn't like the other 'dummies' reports, I spent more time, doing research for you.. which I would have hoped you didn't need anymore 'handholding'.

FYI, you will see the YOUTUBE is mentioned quite a few times. Note also that YOUTUBE is a Web 2.0 site.

Perhaps a lot more lies and scaremongering? I don't LIE btw, I research.. when so many state the same things... I have to feel there is some merit in it. Keep using YouTube, I simply don't care, I only want other to realise the potential risks.

I'd also point out that isn't an example of someone actually getting a virus in real life from watching a video on youtube. It is speculation, it is not a real-life example, a real-life example shouldn't be too hard to find should it?

As of July last year there were 100 million videos viewed on youtube per day. Considering the stats, a real life example should be easy to find.

As for the MP3 virus thing you brought up again, if you read the source for the article cited you will see this page:

http://www.pandasecurity.com/enterprise/security-info/about-malware/encyclopedia/overview.aspx?idvirus=166596&sitepanda=empresas

Which explains it is the BotVoice.A trojan which:

"BotVoice.A is a Trojan that prevents users from working with the computer properly, as it does not allow the files with certain extensions from being run: BAT, COM, EXE and MP3 files, among others."

BotVoice.A is not a virus which embeds itself in an MP3 file as the article you cited let on. Nor is it a virus.



http://news.bbc.co.uk/1/hi/technology/6100016.stm

That describes the threat as downloading a video which requires a codec, the codec could then be full of spyware/ect. I agree downloading videos and installing 3rd party codecs can be a security threat, however that is not a typical thing the average youtube user does. I'll also point out this is not a threat that is unleashed when you simply view a youtube video, you must download and install an exploited codec. It does not support the notion of getting a virus by simply viewing a youtube video.

I would never download and install an unknown 3rd party codec to view a video file, nor do you need to in order to view a youtube video, hence it is not even an hypothetical example of how someone could get a virus by watching a youtube video.

My site does not allow external links to be displayed on youtube videos and removes special HTML characters from the description, so the odds of "accidentally" downloading such a codec from my site (by clicking on the wrong link, ect) are absoutely nil.

I wrote many times about virus's, keyloggers, exploits, trojans, 'maleware' being the encompassing term to any programme which is either undesireable, destructive, user unintentional, spyware etc etc...

I will not provide actual YouTube links to infected files for 2 reasons, I do not frequent YouTube anymore after contracting 'maleware' on one of my systems, having spent a considerable time surfing its content, which took me a long time to clean the system, which effected my business, I couldn't actually tell you which of the file(s) was the offender, and... should I have perhaps provided such a link, I would either be doing someone a diservice as I would have already reported it, or be accused of putting that content there in the first place.

The prolifercation of information I have posted indicates the huge variety of potental threats that are growing expotentially throughout the internet, but represents only the tip if the iceberg of what is available. What is most worrying, before Web 2.0 genure websites, the root source of the threat could be traced, but with Web 2.0, no controls are in place by the host of the site(s) and content is freely uploaded and exposed by anyone, in much the same way as a posting on a forum. All forms of user content is subject to attack and use by Maleware creators, the more popular the website, the greater attacks it will attract. That is the reason why I state caution to those that wish to use YouTube and other similar places. Unless you know the exact source of the content, you should always treat it with suspicion, in much the same way with 'junk/spam' emails containing links, attachments, even jpgs and pdf files.

The information I have been researching over the past 10 years, indicated growth spurts in 'maleware' which is aligned with the various genure growths of the accessability to utilise exploits. The most worrying element these days is not from 'predictable' websites whereby a webmaster would have to craft the content and 'push' the malicious code to the user, but the fact now it can be 'pulled' without user intentional interaction. To say that you cannot contract a virus from a MP3 or any other form of media, but accept that you can get a Trojan, is muted. A trojan by definition is exactly what the name implies, it is a portal programme that controls access for other malicious code to gain entry, or use of, your system. The range and variety of what maleware can do these days, is very concerning. When you consider NAT/Software firewalls, virus checkers etc can all be circumnavigated with relative ease, access to passwords, user identity, even your surfing habbits are all accessible to some unknown/faceless person(s) with the click of a icon.

Vista goes someway towards how systems and users must interact using the internet in the future, even CPU manufactures are being brought into the arena to hardwire more security at the basic level. This may include 'lossless' neuron packets that are only 'one use'. Should they be intercepted by anyone other than the intended target, the information contained is destroyed (very simplistic explaination). It is a foregone conclusion however that those that gain the benefits from producing 'maleware' will be ahead of those times, as they very much are now.

It is sad that for every good thing deveolped, there is a potential for something sinister. The gains that can be derived by those with ill intent, grows expotentially as many of us use online payment methods, it is a billion dollar 'industry'. We should never be fooled into thinking we are safe, just because our software is upto date, or that we have a whole raft of 'security' layers in place, none of which can, or should, prevent the user from clicking an icon/link, but in essence, thats all that is needed.

I just asked for an example (article) of someone getting a virus from watching a youtube video not the youtube link itself (still unprovided).

Either way, thanks for the posts..

Now that you've had your say, and since I am highly unlikely to get the information I requested and since there is really nothing new to say I guess this discussion is over.

I have better things to do..