[geeks] Zune DoS attack?

Charles Shannon Hendrix shannon at widomaker.com
Mon Nov 20 00:39:22 CST 2006


I was reading some reviews of the Microsoft Zune, and two flaws
mentioned in several reviews caught my eye:

The first is the privacy settings.

The Zune broadcasts what you are listening to and some other
information. The security settings are either broadcast what you are
listening to, or do that and also some other information.

Why not an option to broadcast nothing, or disable sharing completely?

The next related problem is that anyone can send you a file, and the
Zune interrupts playback to ask for permission to receive the file.

This is a convenient way to DoS a Zune.

Zune users who want to be jackasses can do so easily with the above two
flaws.

But it also occurs to me that once the Zune protocols are figured out,
someone could use a laptop or handheld to annoy any Zune users within
range without much effort.

Scenarios:

	Hell's Angels with Zune players drive by Mr. Milquetoast who is
	currently listening to "YMCA" by the Village People.

	Black man with Zune listening to Zunecast of "I have a dream..."
	walks by Zune-wielding skinheads.  Assuming they don't beat him up,
	he is bombarded with file transfer requests for Adolf Hitler's
	Nuremberg speech.

...and so on. I'm partially joking, but really, I think they should
update the firmware to disallow sharing or at least make it a background
task, and a security setting that disabled all information broadcast to
other players.

Yes, I know that other handheld units of various kinds have problems
like this.

-- 
shannon "AT" widomaker.com -- ["There are nowadays professors of
philosophy, but not philosophers." ]


