11-02-05 12:59 PM
Acmlm's Board - I2 Archive - Hardware/Software - Big Windoze security hole. Again.
  
hukka
Posts: 64/94
JPEGs do not contain embedded code. Normal TTF Truetype fonts do contain bytecode that is interpreted but AFAIK only old-style Windows bitmap fonts contain code that is directly run by the OS, and even that only when the user is trying to run the font file as an executable.
neotransotaku
Posts: 1487/4016
Embedding code...well, you can thank C's property of allowing pointers to functions for allowing that. Otherwise, the compression algorithms in JPEGs would not be possible since well, how would the operating system run that code?
HyperLamer
Posts: 1743/8210
Originally posted by Cellar Dweller
Would you be surprised to learn that TrueType fonts have embedded code in them?

My god. The morons have got into the computer industry!

I'm scared...
Smallhacker
Posts: 641/2273
Windows is the most used O.S., but it has got more security holes than the "The Matrix" movies had plot holes... Data does not compute... :/
DarkSlaya
Posts: 2228/4249
Originally posted by BMF54123

I'm never, ever touching IE again.


We now need to make a few thousand people do the same.
Vim
Posts: 38/42
Windows isn't secure? SHOCKER!
Cellar Dweller
Posts: 157/269
Originally posted by HyperHacker
...You're kidding right?
The decompression code is IN THE FILE.
You have to be kidding. That is the stupidest idea EVER.


Would you be surprised to learn that TrueType fonts have embedded code in them?

If JPEG files really have code in them (I doubt that, but I have not read the specs), then the code is certainly executed by an interpreter.
Tarale
Posts: 460/2720
Heh, I heard about this, I find it... interesting. I wonder how many people have been affected? There are exploits out in the wild already, a trojan one in particular, and I know people who have been infected.

Well.... I guess the old saying about how "you can't get a virus just by looking at porn" is no longer true -- at least on the internet level.
Boom.dk
Posts: 129/392
Originally posted by Surlent
I hope you have at least the Windows Firewall enabled ...
I don't...
Surlent
Posts: 613/1077
Originally posted by Kieran
Seriously... I don't feel threatened. But I pretty much don't care about any security stuff... If my PC gets a problem: Online virus scanner or Format C: (I don't have Norton Ghost)

You ought to be happy you didn't get infected with MS Blast or Agobot. I hope you have at least the Windows Firewall enabled ... although it is, like most of the desktop firewalls, only partially effective against attacks

The last one is really evil and uses a combination of different backdoors, open ports and exploits - I know some people getting it: They had to format and reinstall Windoze XP to get rid of Agobot
Boom.dk
Posts: 128/392
Seriously... I don't feel threatened. But I pretty much don't care about any security stuff... If my PC gets a problem: Online virus scanner or Format C: (I don't have Norton Ghost)
HyperLamer
Posts: 1728/8210
...You're kidding right?
The decompression code is IN THE FILE.
You have to be kidding. That is the stupidest idea EVER.
BMF98567
Posts: 394/1261
Unbelievable. Now Windows can be infected by a frickin' PICTURE.

I'm never, ever touching IE again.
Cellar Dweller
Posts: 156/269
The Windows JPEG decoder is not the only Windows graphics file decoder that has been found to be exploitable. Back when a portion of the Windows source code was leaked, an exploitable bug was found in the BMP RLE decoder.
DarkSlaya
Posts: 2225/4249
A few posts ago, it said that I had the updates. Now, Windows Update is downloading SP2, thus wasting the remainder of my monthly bandwidth. I wanted to download other things.

But yes, this won't do any harm to me.
FreeDOS
Posts: 770/1657
The JPEG format stores the compression algorithm in the file. JPEG viewers simply run the function in the file. This allows exploitation.

BTW, yes, JPEGs can be lossless. Yes, some exist.
neotransotaku
Posts: 1463/4016
Originally posted by Surlent
Windows is just like Swiss Cheese ... full of holes. Now even harmless image files can cause damage


I think it is more of the fact that it is known that JPEG files can carry viruses. This is why (as far as I know) no other picture format is dangerous. So yeah, it is because JPEGs can carry code which is why this exploit is now, well...an exploit.
DarkSlaya
Posts: 2221/4249
Already downloaded when I installed XP. But it's good to know.... I hate those idiots who think that making harm to a computer is fun. Because some people have to spend money after their attack
Surlent
Posts: 611/1077
My Win XP SP2 is up to date - I installed SP2 right after installation of Windows itself, offline from a SP2 CD. That was on last Tuesday ... and then only one update was left on Windows Update. Installed it - hoping to feel somehow sure.

Windows is just like Swiss Cheese ... full of holes. Now even harmless image files can cause damage

Well, I have my SuSe Linux 9.0 CD here and on E:\, there are 25 GB free ... but I'm too lazy to install and afraid, I can't get my old internal ISDN working in Linux
Ailure
Posts: 5372/11162
...I misread that as Internet explorer. Blame it on this blurry screen.

Still, I use that preview thing a lot in Windows explorer. So I can see why it's a problem. Hell, include an infected file in a "picture collection", some people download big zip/rar with... art.