[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is using player like VLC safe alternative to Flash?



VLC has a lot of stuff going on inside of it.  I would not be
surprised if there were proxy leaks that might be able to be forced by
someone doing something tricky.  Say you enter a url to a flash video
and the content is intercepted and replaced with an RTSP stream that
VLC somehow interprets, and due to a quirk of RTSP makes a request to
a third party domain that isn't proxied?  I have no idea if that's
possible, but I wanted to give some strange example of something VLC
supports that might have a proxy leak in some obscure component.

Likewise, when discussing security vulnerabilities... VLC doesn't have
the best track record.  (See https://www.videolan.org/security/ ).
I'm a big fan of VLC, but I put it in the same category as Pidgin when
it comes to "how far do I trust this program to not have bugs?"

I would love to see someone do an objective test of VLC as opposed to
my subjective hand-waving, but I'm not aware of one.

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk