Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
The coming JPEG crisis
Old 09-28-2004, 10:37 PM   #1
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
The coming JPEG crisis

Hey, if you thought the Y2K "bug" was fun, check this out. A JPEG exploit:

http://www.internetweek.com/breaking...cleID=47903548

Microsoft has already made a patch available, but this is the sort of thing that will infect just about every unpatched system on the planet. Let's just hope there aren't any nuke plants being run by unpatched MSFT code.
__________________

__________________
wabmester is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Re: The coming JPEG crisis
Old 09-29-2004, 06:28 AM   #2
 
Posts: n/a
Re: The coming JPEG crisis

I am ambivalent. Some days I would like to take a ball bat to this infernal machine (think Luddites). It's
spawn of Satan (should that be in caps??). I sure
would miss all of you fine folks though.......

John Galt
__________________
  Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 10:37 AM   #3
 
Posts: n/a
Re: The coming JPEG crisis

If you are running Windows XP you can download the update which fixes the jpeg vulnerabiity here:

http://www.microsoft.com/technet/sec.../MS04-028.mspx
__________________
  Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 10:58 AM   #4
Thinks s/he gets paid by the post
 
Join Date: Jun 2004
Location: No. California
Posts: 1,600
Re: The coming JPEG crisis

The company I work for has virus infected emails flying around with the attachments 'price.cpl' or joke.cpl' . Started late yesterday.
__________________
KB is offline   Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 11:15 AM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Re: The coming JPEG crisis

I'd recommend installing XP service pack 2, which is not vulnerable to this and many other 'gaps'. I've been running it since early release candidates and have had no problems.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 11:23 AM   #6
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
Re: The coming JPEG crisis

Quote:
The company I work for has virus infected emails flying around with the attachments 'price.cpl' or joke.cpl' . Started late yesterday.
CPL is a "control panel applet". That's a more traditional attack that requires you to click on an attachment to become infected.

A JPEG exploit will probably be much more difficult to detect and prevent. This is about the nastiest thing I can imagine.

Somewhere, a group of Russian hackers sympathetic to Muslim extremists are coding up the Blue Screen of Death virus....

Oh, I can see it now. Two weeks after the bogus results from the election are detected (Windows powers some of the new electronic voting machines), and the power grid goes down, the Homeland Security Department will put us on Red Alert and issue an advisory to disable graphics on your web browser, stop reading email, and resume life as normal
__________________
wabmester is offline   Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 05:48 PM   #7
 
Posts: n/a
Re: The coming JPEG crisis

I see some pro-Kerry ads that fault Bush for being against the "Homeland Security Dept" and the
"9/11 Commission", subsequently supporting them.
IMHO he had it right the first time.

John Galt
__________________
  Reply With Quote
Re: The coming JPEG crisis
Old 09-29-2004, 07:08 PM   #8
Full time employment: Posting here.
 
Join Date: Nov 2002
Posts: 768
Re: The coming JPEG crisis

Quote:
I'd recommend installing XP service pack 2, which is not vulnerable to this and many other 'gaps'.
I have service pack 2, but the MicroSoft automatic update web site told me to download the patch any way. *I had no idea if it was needed or not, but I downloaded it because update told me to. *I hope my machine doesn't melt as a result of my ignorance of such things. *
__________________
Michael is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-06-2004, 04:33 AM   #9
Dryer sheet aficionado
 
Join Date: Mar 2004
Posts: 39
Re: The coming JPEG crisis

Quote:
A JPEG exploit will probably be much more difficult to detect and prevent. * This is about the nastiest thing I can imagine.
Actually, it's not that difficult for AV software to detect. The only problem is that it can take a bit more time to scan the JPEG files (as the entire file needs to be processed). Fortuantely, it can be detected with 100% accuracy, so when a new virus comes out using this exploit, the AV software will start blocking it immediately (rather than having to wait until the AV company provides new virus definitions).
-Scott
__________________
IDunno is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-06-2004, 10:13 AM   #10
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
Re: The coming JPEG crisis

Quote:
Actually, it's not that difficult for AV software to detect.
You're assuming the AV software knows what to look for and that it has an opportunity to scan before you're infected.

You know that naked Uma Thurman picture you just browsed? It quietly infected your machine with a worm that will lie dormant until Dec 25, 2004. At which point, worms will rise early in the morning, infect other machines on your internal network, and then leave you a nasty surprise.

Or maybe nothing will happen. Who knows? Unfortunately, there are bad guys out there, and this Windows bug will interest them.
__________________
wabmester is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-06-2004, 12:17 PM   #11
Dryer sheet aficionado
 
Join Date: Mar 2004
Posts: 39
Re: The coming JPEG crisis

Quote:
You're assuming the AV software knows what to look for and that it has an opportunity to scan before you're infected.
That is a good point. If a web browser doesn't save the file before displaying it (or saves the file, and continues to display the picture even if it does not save properly), you can get infected.

Although the AV software can easily detect the exploit, it can't do so if it doesn't see the file. This exploit is really changing how AV software needs to work.

Quote:
You know that naked Uma Thurman picture you just browsed?
Uh-oh -- I guess I better get that anti-spyware program. How did you know about that picture
-Scott
__________________
IDunno is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-06-2004, 01:20 PM   #12
Full time employment: Posting here.
 
Join Date: Nov 2002
Posts: 768
Re: The coming JPEG crisis

Quote:
It quietly infected your machine with a worm that will lie dormant until Dec 25, 2004.
I scan my computer with its indigenous virus detector, 2 ad detectors, and one trojan detector. Then use several free on line detectors (e.g., Norton, House Call, Panda). Then I print out a Hijack This log to see if anything suspicious is running, and ping my machine for open ports that trojans commonly use from an on line service, and keep my firewall on. I patch with MSFT upgrades. What more can I do to protect my machine? Can it still have hidden viruses and trojans on my machine, waiting for Doomsday to activate? These things confuse me.
__________________
Michael is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-06-2004, 03:29 PM   #13
Thinks s/he gets paid by the post
wabmester's Avatar
 
Join Date: Dec 2003
Posts: 4,459
Re: The coming JPEG crisis

If you've got a patched Win2k/xp system, you're covered. No other operating systems are vulnerable. My concern isn't so much that my own individual machines might be vulnerable, it's more that this type of exploit will likely find its way past most corporate security measures, so it's potentially a more potent vector than we've seen before.

Then again, it could be nothing. Continue life as usual
__________________
wabmester is offline   Reply With Quote
Re: The coming JPEG crisis
Old 10-07-2004, 12:36 AM   #14
Full time employment: Posting here.
 
Join Date: Nov 2002
Posts: 768
Re: The coming JPEG crisis

Quote:
If you've got a patched Win2k/xp system, you're covered.
Thanks Wab. I have the latest MSFT XP patches. I will continue life as usual. I just like to solve puzzles, and the thought that secret code might be on my machine is a marvelous puzzle that I can't resist following up on.
__________________

__________________
Michael is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
$2000 Leather recliner coming apart at the seams kbst Other topics 6 12-18-2006 03:52 PM
Market direction for this coming week ? frayne Other topics 28 07-19-2006 11:04 AM
THE COMING HUGE DEPRESSION anthony FIRE and Money 15 12-12-2005 01:53 PM
Coming Crisis.. What to do? Ol_Rancher FIRE and Money 20 07-24-2004 08:44 AM
Scott Burns' book 'The Coming Generational Storm' intercst FIRE and Money 10 06-06-2004 11:13 AM

 

 
All times are GMT -6. The time now is 12:51 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.