Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
0 user currently in Hardware/Software. |
Acmlm's Board - I2 Archive - Hardware/Software - Big Windoze security hole. Again. | | | |
Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 1721/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
Be careful opening JPEGs from now on. I just knew someone would find an exploit in image files sooner or later. I just wonder what programs are affected by it? |
|||
Kitten Yiffer Purple wand Furry moderator Vivent l'exp����¯�¿�½������©rience de signalisation d'amusement, ou bien ! Level: 135 Posts: 5371/11162 EXP: 28824106 For next: 510899 Since: 03-15-04 From: Sweden Since last post: 3 hours Last activity: 4 min. |
| ||
...downloaded the fix against it severeal days ago. "To fall victim to the poisoned pictures, users must view it using Windows Explorer. " And guess what's one of the most used things in Windows XP for many picture collectors? >.> ...I do wonder if there is yet another format that can work as a program. Midi files was another one with a big security threat. Which was fixed awhile ago thought. (edited by Kitten Yiffer on 10-12-04 05:34 AM) |
|||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 1723/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
Erm, Windows Explorer as in the file browser, not IE. It's got that little preview box. Really, any format that contains strings can be exploited if the program doesn't check its buffers (which Windoze does pretty rarely), and a lot of them do for headers and such. (edited by HyperHacker on 10-12-04 05:27 AM) |
|||
Kitten Yiffer Purple wand Furry moderator Vivent l'exp����¯�¿�½������©rience de signalisation d'amusement, ou bien ! Level: 135 Posts: 5372/11162 EXP: 28824106 For next: 510899 Since: 03-15-04 From: Sweden Since last post: 3 hours Last activity: 4 min. |
| ||
...I misread that as Internet explorer. Blame on this blurry screen. Still, I use that preview thing alot in Windows explorer. So I can see why it's a problem. Hell include a infected file in a "picture collection", some people download big zip/rar with... art. |
|||
Surlent サーレント Level: 49 Posts: 611/1077 EXP: 863920 For next: 19963 Since: 03-15-04 From: Tower of Lezard Valeth Since last post: 16 hours Last activity: 1 hour |
| ||
My Win XP SP2 is up to date - I installed SP2 right after installation of Windows itself, offline from a SP2 CD. That was on last Tuesday ... and then only one update was left on Windows Update. Installed it - hoping to feel somehow sure. Windows is just like Swiss Cheese ... full of holes. Now even harmless image files can cause damage Well, I have my SuSe Linux 9.0 CD here and on E:\, there are 25 GB free ... but I'm too lazy too install and afraid, I can't get my old internal ISDN working in Linux |
|||
DarkSlaya POOOOOOOOOOOORN! Level: 88 Posts: 2221/4249 EXP: 6409254 For next: 241410 Since: 05-16-04 From: Montreal, Quebec, Canada Since last post: 8 hours Last activity: 5 hours |
| ||
Already downloaded when I installed XP. But it's good to know.... I hate those idiots who think that making harm to a computer is fun. Because some people have to spend money after their attack | |||
neotransotaku Baby Mario 戻れたら、 誰も気が付く Level: 87 Posts: 1463/4016 EXP: 6220548 For next: 172226 Since: 03-15-04 From: Outside of Time/Space Since last post: 11 hours Last activity: 1 hour |
| ||
Originally posted by Surlent I think it is more of the fact that it is know that JPEG files can carry viruses. This is why (as far as I know) no other picture format is dangerous. So yeah, it is because JPEGs can carry code which is why this exploit is now, well...an exploit. |
|||
FreeDOS Lava Lotus Wannabe-Mod :< Level: 59 Posts: 770/1657 EXP: 1648646 For next: 24482 Since: 03-15-04 From: Seattle Since last post: 6 hours Last activity: 4 hours |
| ||
the JPEG format stores the compression algorithm in the file. JPEG viewers simply run the function in the file. This allows exploitation. BTW, yes, JPEGs can be lossless. Yes, some exist. |
|||
DarkSlaya POOOOOOOOOOOORN! Level: 88 Posts: 2225/4249 EXP: 6409254 For next: 241410 Since: 05-16-04 From: Montreal, Quebec, Canada Since last post: 8 hours Last activity: 5 hours |
| ||
A few post ago, it said that I had the updates. Now, Windows Update is downloading SP2, thus waisting the remaining of my monthly bandwidth. I wanted to download other things. But yes, this won't do any harm to me. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 156/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
The Windows JPEG decoder is not the only Windows graphics file decoder that has been found to be exploitable. Back when a portion of the Windows source code was leaked, an exploitable bug was found in the BMP RLE decoder. | |||
BMF98567 BLACK HAS BUILT A SILLY DICE-MAZE! GO! Current list of BURNING FURY >8( recipients: - Yiffy Kitten (x2) - Xkeeper Level: 53 Posts: 394/1261 EXP: 1094149 For next: 62970 Since: 03-15-04 From: Blobaria Special Move: Rising Meatloaf Backhand Combo Since last post: 21 hours Last activity: 1 hour |
| ||
Unbelievable. Now Windows can be infected by a frickin' PICTURE. I'm never, ever touching IE again. |
|||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 1728/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
...You're kidding right? The decompression code is IN THE FILE. You have to be kidding. That is the stupidest idea EVER. |
|||
Boom.dk Level: 31 Posts: 128/392 EXP: 168692 For next: 16671 Since: 07-18-04 From: Denmark Since last post: 10 days Last activity: 1 day |
| ||
Seriously... I don't feel threatened. But I pretty much don't care about any security stuff... If my PC gets a problem: Online virus scanner or Format C: (I don't have Norton Ghost ) | |||
Surlent サーレント Level: 49 Posts: 613/1077 EXP: 863920 For next: 19963 Since: 03-15-04 From: Tower of Lezard Valeth Since last post: 16 hours Last activity: 1 hour |
| ||
Originally posted by Kieran You ought to be happy you didn't got infected with MS Blast or Agobot. I hope you have at least the Windows Firewall enabled ... although it is, like most of the desktop firewalls, only partially effective against attacks The last one is really evil and uses a combination of different backdoors, open ports and exploits - I know some people getting it: They had to format and reinstall Windoze XP to get rid of Agobot |
|||
Boom.dk Level: 31 Posts: 129/392 EXP: 168692 For next: 16671 Since: 07-18-04 From: Denmark Since last post: 10 days Last activity: 1 day |
| ||
Originally posted by SurlentI don't... |
|||
Tarale I'm not under the alfluence of incohol like some thinkle peop I am. It's just the drunker I sit here the longer I get. Level: 73 Posts: 460/2720 EXP: 3458036 For next: 27832 Since: 03-18-04 From: Adelaide, Australia Since last post: 4 hours Last activity: 2 hours |
| ||
Heh, I heard about this, I find it... interesting. I wonder how many people have been affected? There are exploits out in the wild already, a trojan one in particular, and I know people who have been infected. Well.... I guess the old saying about how "you can't get a virus just by looking at porn" is no longer true -- at least on the internet level. |
|||
Cellar Dweller Flurry !!! Level: 27 Posts: 157/269 EXP: 107817 For next: 8342 Since: 03-15-04 From: Arkansas Since last post: 16 days Last activity: 34 min. |
| ||
Originally posted by HyperHacker Would you be surprised to learn that TrueType fonts have embedded code in them? If JPEG files really have code in them(I doubt that, but I have not read the specs), then the code is certainly executed by an interpreter. |
|||
Vim Red Goomba Level: 11 Posts: 38/42 EXP: 5538 For next: 447 Since: 09-14-04 Since last post: 353 days Last activity: 308 days |
| ||
Windows isn't secure? SHOCKER! | |||
DarkSlaya POOOOOOOOOOOORN! Level: 88 Posts: 2228/4249 EXP: 6409254 For next: 241410 Since: 05-16-04 From: Montreal, Quebec, Canada Since last post: 8 hours Last activity: 5 hours |
| ||
Originally posted by BMF54123 We now need to make a few thousand people do the same. |
|||
Smallhacker Green Birdo SMW Hacking Moderator Level: 68 Posts: 641/2273 EXP: 2647223 For next: 81577 Since: 03-15-04 From: Söderhamn, Sweden Since last post: 10 hours Last activity: 9 hours |
| ||
Windows is the most used O.S., but it have got more security holes than the "The Matrix" movies had plot holes... Data does not compute... :/ |
Pages: 1 2 | Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - Hardware/Software - Big Windoze security hole. Again. | | | |