|
09-28-2004, 09:37 PM
|
#1
|
Thinks s/he gets paid by the post
Join Date: Dec 2003
Posts: 4,459
|
The coming JPEG crisis
Hey, if you thought the Y2K "bug" was fun, check this out. A JPEG exploit:
http://www.internetweek.com/breaking...cleID=47903548
Microsoft has already made a patch available, but this is the sort of thing that will infect just about every unpatched system on the planet. Let's just hope there aren't any nuke plants being run by unpatched MSFT code.
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
Re: The coming JPEG crisis
09-29-2004, 05:28 AM
|
#2
|
|
Re: The coming JPEG crisis
I am ambivalent. Some days I would like to take a ball bat to this infernal machine (think Luddites). It's
spawn of Satan (should that be in caps??). I sure
would miss all of you fine folks though.......
John Galt
|
|
|
Re: The coming JPEG crisis
09-29-2004, 09:58 AM
|
#4
|
Thinks s/he gets paid by the post
Join Date: Jun 2004
Location: No. California
Posts: 1,858
|
Re: The coming JPEG crisis
The company I work for has virus infected emails flying around with the attachments 'price.cpl' or joke.cpl' . Started late yesterday.
|
|
|
Re: The coming JPEG crisis
09-29-2004, 10:15 AM
|
#5
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,708
|
Re: The coming JPEG crisis
I'd recommend installing XP service pack 2, which is not vulnerable to this and many other 'gaps'. I've been running it since early release candidates and have had no problems.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
|
|
|
Re: The coming JPEG crisis
09-29-2004, 10:23 AM
|
#6
|
Thinks s/he gets paid by the post
Join Date: Dec 2003
Posts: 4,459
|
Re: The coming JPEG crisis
Quote:
The company I work for has virus infected emails flying around with the attachments 'price.cpl' or joke.cpl' . Started late yesterday.
|
CPL is a "control panel applet". That's a more traditional attack that requires you to click on an attachment to become infected.
A JPEG exploit will probably be much more difficult to detect and prevent. This is about the nastiest thing I can imagine.
Somewhere, a group of Russian hackers sympathetic to Muslim extremists are coding up the Blue Screen of Death virus....
Oh, I can see it now. Two weeks after the bogus results from the election are detected (Windows powers some of the new electronic voting machines), and the power grid goes down, the Homeland Security Department will put us on Red Alert and issue an advisory to disable graphics on your web browser, stop reading email, and resume life as normal
|
|
|
Re: The coming JPEG crisis
09-29-2004, 04:48 PM
|
#7
|
|
Re: The coming JPEG crisis
I see some pro-Kerry ads that fault Bush for being against the "Homeland Security Dept" and the
"9/11 Commission", subsequently supporting them.
IMHO he had it right the first time.
John Galt
|
|
|
Re: The coming JPEG crisis
09-29-2004, 06:08 PM
|
#8
|
Full time employment: Posting here.
Join Date: Nov 2002
Posts: 768
|
Re: The coming JPEG crisis
Quote:
I'd recommend installing XP service pack 2, which is not vulnerable to this and many other 'gaps'.
|
I have service pack 2, but the MicroSoft automatic update web site told me to download the patch any way. *I had no idea if it was needed or not, but I downloaded it because update told me to. *I hope my machine doesn't melt as a result of my ignorance of such things. *
|
|
|
Re: The coming JPEG crisis
10-06-2004, 03:33 AM
|
#9
|
Dryer sheet aficionado
Join Date: Mar 2004
Posts: 39
|
Re: The coming JPEG crisis
Quote:
A JPEG exploit will probably be much more difficult to detect and prevent. * This is about the nastiest thing I can imagine.
|
Actually, it's not that difficult for AV software to detect. The only problem is that it can take a bit more time to scan the JPEG files (as the entire file needs to be processed). Fortuantely, it can be detected with 100% accuracy, so when a new virus comes out using this exploit, the AV software will start blocking it immediately (rather than having to wait until the AV company provides new virus definitions).
-Scott
|
|
|
Re: The coming JPEG crisis
10-06-2004, 09:13 AM
|
#10
|
Thinks s/he gets paid by the post
Join Date: Dec 2003
Posts: 4,459
|
Re: The coming JPEG crisis
Quote:
Actually, it's not that difficult for AV software to detect.
|
You're assuming the AV software knows what to look for and that it has an opportunity to scan before you're infected.
You know that naked Uma Thurman picture you just browsed? It quietly infected your machine with a worm that will lie dormant until Dec 25, 2004. At which point, worms will rise early in the morning, infect other machines on your internal network, and then leave you a nasty surprise.
Or maybe nothing will happen. Who knows? Unfortunately, there are bad guys out there, and this Windows bug will interest them.
|
|
|
Re: The coming JPEG crisis
10-06-2004, 11:17 AM
|
#11
|
Dryer sheet aficionado
Join Date: Mar 2004
Posts: 39
|
Re: The coming JPEG crisis
Quote:
You're assuming the AV software knows what to look for and that it has an opportunity to scan before you're infected.
|
That is a good point. If a web browser doesn't save the file before displaying it (or saves the file, and continues to display the picture even if it does not save properly), you can get infected.
Although the AV software can easily detect the exploit, it can't do so if it doesn't see the file. This exploit is really changing how AV software needs to work.
Quote:
You know that naked Uma Thurman picture you just browsed?
|
Uh-oh -- I guess I better get that anti-spyware program. How did you know about that picture
-Scott
|
|
|
Re: The coming JPEG crisis
10-06-2004, 12:20 PM
|
#12
|
Full time employment: Posting here.
Join Date: Nov 2002
Posts: 768
|
Re: The coming JPEG crisis
Quote:
It quietly infected your machine with a worm that will lie dormant until Dec 25, 2004.
|
I scan my computer with its indigenous virus detector, 2 ad detectors, and one trojan detector. Then use several free on line detectors (e.g., Norton, House Call, Panda). Then I print out a Hijack This log to see if anything suspicious is running, and ping my machine for open ports that trojans commonly use from an on line service, and keep my firewall on. I patch with MSFT upgrades. What more can I do to protect my machine? Can it still have hidden viruses and trojans on my machine, waiting for Doomsday to activate? These things confuse me.
|
|
|
Re: The coming JPEG crisis
10-06-2004, 02:29 PM
|
#13
|
Thinks s/he gets paid by the post
Join Date: Dec 2003
Posts: 4,459
|
Re: The coming JPEG crisis
If you've got a patched Win2k/xp system, you're covered. No other operating systems are vulnerable. My concern isn't so much that my own individual machines might be vulnerable, it's more that this type of exploit will likely find its way past most corporate security measures, so it's potentially a more potent vector than we've seen before.
Then again, it could be nothing. Continue life as usual
|
|
|
Re: The coming JPEG crisis
10-06-2004, 11:36 PM
|
#14
|
Full time employment: Posting here.
Join Date: Nov 2002
Posts: 768
|
Re: The coming JPEG crisis
Quote:
If you've got a patched Win2k/xp system, you're covered.
|
Thanks Wab. I have the latest MSFT XP patches. I will continue life as usual. I just like to solve puzzles, and the thought that secret code might be on my machine is a marvelous puzzle that I can't resist following up on.
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|