Free Republic
Browse · Search 		Bloggers & Personal
Topics · Post Article

To: mlo

> There is no virus hiding in web pictures,
> and any technical writer who says there is,
> isn't worth listening to.

Here's authoritative site isc.incidents.org:

"No warning will be displayed. The user does
not have to click on any links. Just visiting
an infected site will trigger the exploit."

Now I haven't seen a full technical description
of the base exploit, but I wouldn't necessarily
rule out an image-based hack.

Suppose the run-length or dictionary-size encoding
in an image file doesn't match the actual data
provided. Has MSIE been checked against all
possible malformed variants of all supported
graphics file types?

Microsoft appears to be using Russian mobsters
to check their code for vulnerabilities. There
has to be a way of performing QA that isn't so
hard on the internet and MS customers :-)


31 posted on 06/25/2004 7:37:58 PM PDT by Boundless
[ Post Reply | Private Reply | To 18 | View Replies ]

To: Boundless
It attaches a short javascript to every outgoing file. Regarding image files doing the infecting, this is what the ISC site says:
"- Will the javascript attached to images be executed? No. The javascript attached to images is harmless. It's the JavaScript attached to the .htm or .html files that gets executed, forcing the browser to connect to the Russian site."
Although this is obvious to many technical people, it is apparently not to some Linux journal writers and FR posters.
74 posted on 06/25/2004 10:06:44 PM PDT by mlo
[ Post Reply | Private Reply | To 31 | View Replies ]

Free Republic
Browse · Search 		Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson