Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.
Dalby
Posts: 2
Joined: Tue May 23, 2017 4:06 pm

insecure subtitles

Tue May 23, 2017 4:09 pm

did you guys see this?

how is this even possible since the subtitles is just text?

http://blog.checkpoint.com/2017/05/23/h ... anslation/

cerebral
Posts: 1
Joined: Tue May 23, 2017 8:12 pm

Re: insecure subtitles

Tue May 23, 2017 8:15 pm

Yup, this is definitely a huge concern. There is a video of it in action:

http://thehackernews.com/2017/05/movie- ... lware.html

How will OpenSubtitles staff ensure their content is clean?

User avatar
oss
Site Admin
Posts: 5879
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: insecure subtitles

Tue May 23, 2017 9:16 pm

for now I can say, everything is safe. I checked the test described, and can confirm only penetrator from the security company made some tests on this vulnerability.

Also it is fixed now, so it can not happen in future.

The problem was with the filenames of subtitles and how they handle it in media players.

Now all special characters in filenames are removed.

Dalby
Posts: 2
Joined: Tue May 23, 2017 4:06 pm

Re: insecure subtitles

Tue May 23, 2017 9:29 pm

Thanks for the reply, that is exactly what I was was guessing... Would not make any sense anyhow to allow special characters anyhow I think...

Return to “General talk”

Who is online

Users browsing this forum: No registered users and 30 guests