SecurityFocus: MP3 Files Not Always Safe. [via MetaFilter: Stick with WinAMP, not RealOne or WMP] The problem here is not that real MP3-formatted songs are dangerous, but that malicious users can make Windows Media Player files (which, like everything else in Microsoft’s world, can contain dangerous scripting hacks), rename them to foo.mp3, and Windows Media Player will still play them. Solution: use WinAMP, which doesn’t play these fake Windows Media Player files-masquerading-as-MP3-files. (RealOne has the same problem. Don’t use that either.)
Update: apparently RealOne does not have the problem after all. Just Windows Media Player. There are, of course, lots of good reasons not to use RealOne, but this is not one of them.
§
I am no longer accepting public comments on this post, but you can use this form to contact me privately. (Your message will not be published.)
§
firehose ‧ code ‧ music ‧ planet
© 2001–8 Mark Pilgrim