clyde

Videos here

I have some videos posted of this past weekend's autocross from on the car and from the spectator area. Spun my second run. The car sounds really nice from the outside.

And, yeah, I know that I drove like crap. This ain't no CTS-V. And while 710s don't like much heat, I don't think they're real happy when it's in the low 40s outside either.

Enjoy.

CRX Millennium

iTrader: (1)

Good stuff as always. So you and John coming out to Ripken this Sat? If so, nice to see how TeamWTF gets it done with my own eyes! Pointers please =D

Asher

Man, that's a huge lot. I envy your site.

John V

iTrader: (1)

I'm coming out for sure.

Here's a pointer, watch someone who actually knows what they're doing, which would be neither of us...

clyde

Yeah, I may or may not be there this weekend. Depends on how much work I get done today and tomorrow...I may have to go into work on Saturday to makea deadline. Even if I'm not there, the car should be.

shinronin

you guys philly region or WDCR? i'll be at ripken bright and early as i'm running 1st heat in STU. my 8 is black. see you guys there.
--doug

CRX Millennium

iTrader: (1)

Hey Shinronin,

I met up with you and Nick on 3/18. I was running the gray RX-8 in BS. As for John V and clyde, they are both WDCR regulars. Group D is the last heat, so I'll be there around 11am. Three hr drive from NJ, the crazy thing I do.....

TeamRX8

iTrader: (25)

my security software went nuts, must be the anti-apple version

shinronin

yep, internet worm protection went crazy for me too.

John V

iTrader: (1)

NJ, eh? I have to drive up to Pennsville after the event to meet a guy I bought a set of wheels from. Looks like I'll be shadowing you home after the event.

CRX Millennium

iTrader: (1)

Having John see my tail-light on the way back: PRICELESS!!!

John V

iTrader: (1)

clyde

what are you gonna do?

TeamRX8

iTrader: (25)

first thing I said was, "W.T.F.?!"

Paul_in_DC

Dude, you may want to update your virus software. My Norton Internet Security alerted on your Quicktime file:

Details: Attempted Intrusion "Apple QuickTime and ITunes Overflow" against your machine was detected and blocked.
Intruder: www.teamwtf.org(66.33.197.30)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: localhost.
Attacked Port: 2870.


You can get detailed information about this attack at Symantec Security Response.

clyde

Is norton configured to allow Quicktime files?

http://docs.info.apple.com/article.html?artnum=302775

Paul_in_DC

Yes. I've downloaded other .mov files without problems in the past. I just checked my updates and I'm up to date. Below I've pasted an article from Symantec describing it. Especially note that there have been no "false positives" reported so far. Also Apple has an advisory out on this.

The link is http://www.symantec.com/avcenter/att...gs/s21529.html


Apple QuickTime and ITunes Overflow
Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a heap based overflow vulnerability that has been reported in Apple QuickTime and ITunes.

Additional Information

A heap-based buffer overflow vulnerability has been reported in Apple QuickTime and iTunes. This issue affects both Mac OS X and Microsoft Windows releases of the software.

This issue may be triggered when the application processes a malformed movie (.MOV) file. It is possible for an attacker to exploit this issue by hosting the file on a malicious Web site or through any other means that will let the attacker transmit the file to a victim user.

The researcher who discovered this issue has stated that the issue will permit a remote attacker to reliably overwrite arbitrary regions of heap-based memory with attacker-specified data. In this manner, it is possible to control execution flow of the affected application. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user.

Further information reports this issue exists in the 'QuickTime.qts' file which is accessed by many applications to gain QuickTime's functionality. Specially crafted atoms within the movie file can cause a direct heap overwrite, ultimately enabling arbitrary code execution.

This issue affects Apple QuickTime 7.0.3 and iTunes 6.0.1. Earlier versions may also be affected.

Affected:

Apple iTunes 6.0.1
Apple QuickTime Player 7.0.3
Free-codecs.com QuickTime Alternative 1.67

Response

Apple has released advisory APPLE-SA-2006-01-10 and fixes to address this issue.

Apple iTunes 6.0.1:
Apple Upgrade iTunes 6.0.2

Apple QuickTime Player 7.0.3:
Apple Upgrade QuickTime 7.0.4

Possible False Positives

There are no known cases of false positives associated with this signature.

clyde

I've spent a lot of time looking around this evening trying to make sense of this. I can't find a clear description of whether a .mov file can become infected or if it has to be intentionally created to use the exploit. I get the impression that it has to be intentionally created, and if that's the case, it is a false positive...but I'm not clear. If someone that understands this stuff wants to explain it to me in simple language, I'm all ears.

PedalFaster

Short answer: I'd go ahead and open it.

Long answer: While it's technically feasible, I've never heard of an exploit that modifies existing files to make them malicious, or existing authoring programs to surreptitiously generate malicious content. File format vulnerabilities are typically exploited by deliberately hand-crafting malicious files, then enticing users to open them by sending them in mails or embedding them in web pages.

It's possible that a legitimately constructed file could inadvertently trip over a vulnerability. In that case, an antivirus program might correctly flag it as questionable, but opening the file should pose no risk other than the potential for a crash.

Steve
(whose day job is in computer security)