Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Code to exploit Windows graphics flaw now public
Cnet News ^ | September 22, 200 | Robert Lemos

Posted on 09/23/2004 6:12:16 AM PDT by rit

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software.

Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.

"Within days, you'll likely see (attacks) using this code as a basis," said Vincent Weafer, senior director of security response for antivirus-software company Symantec. "This is dangerous in a sense that everyone processes JPEG files to some degree."

(Excerpt) Read more at news.com.com ...


TOPICS: Crime/Corruption; Technical
KEYWORDS: browser; exploit; getamac; ie; internetexploiter; lowqualitycrap; microsoft; patch; securityflaw; trojan; virus; windows; worm
Navigation: use the links below to view more comments.
first 1-2021-23 next last
I believe this may have been posted yesterday, but this is just a reminder for those stuck in a Microsoft world to apply security patches as appropriate
1 posted on 09/23/2004 6:12:16 AM PDT by rit
[ Post Reply | Private Reply | View Replies]

To: rit

I guess I should start making my images as PNGs...


2 posted on 09/23/2004 6:16:35 AM PDT by smith288 (ejsmithweb.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rit

Would this also exploit those jpegs opened by an internet browser?


3 posted on 09/23/2004 6:19:34 AM PDT by avg_freeper (Gunga galunga. Gunga, gunga galunga)
[ Post Reply | Private Reply | To 1 | View Replies]

To: avg_freeper

Internet Explorer browser is vulnerable. Just visiting a web site with a jpeg image on the page that takes advantage of the exploit can infect your computer.


4 posted on 09/23/2004 6:25:26 AM PDT by rit
[ Post Reply | Private Reply | To 3 | View Replies]

To: rit
You'd think that people would get the hint and start using more secure and reliable systems, like Linux or Macs.

Isn't one definition of insanity doing the same thing repeatedly, while expecting different results?

More and more, I'm starting to see microsoft addicts as errily similar to democrats who seem willing to drink whatever kool-aid they are told to.

5 posted on 09/23/2004 6:37:55 AM PDT by zeugma (Face it folks, the Great Experiment is over.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma

Yes, and if 90% of the world uses Macs or Linux, you can expect the same level of viruses on your machine. People write viruses for what's most widely used. It's why I don't use Microsoft Outlook, which alone accounts for a huge percentage of the malicious code out there.


6 posted on 09/23/2004 6:40:24 AM PDT by July 4th (You need to click "Abstimmen")
[ Post Reply | Private Reply | To 5 | View Replies]

To: zeugma

Ooooooooooo, now you went and stepped in it, z. Get your flameproof jammies on; the MS Crowd will be coming for you.


7 posted on 09/23/2004 6:45:46 AM PDT by 7.62 x 51mm (• veni • veni • vino • visa • "I came, I saw, I drank wine, I shopped")
[ Post Reply | Private Reply | To 5 | View Replies]

To: July 4th

"People write viruses for what's most widely used."

Glad to hear a voice of reason among the din created by the anti-Gates, anti-Microsoft crowd. They have their own flavor of Kool-Aid, too. I'm neutral on the whole thing, but I do use Windows, mainly because the choice of available software is so vast.

My main concern is in the recent changes to Windows Update, the mechanism by which diligent users can most effectively combat security issues. You must accept a new update manager before getting any new updates. And the new update manager -- at least, last time I heard -- will decide for you when it's a good time to install Windows XP SP2, which I have on CD and want to apply after the rash of reported program conflicts settles down.


8 posted on 09/23/2004 6:56:02 AM PDT by DJ Frisat (Hand me the duct tape before my head explodes...)
[ Post Reply | Private Reply | To 6 | View Replies]

To: timestax

Please read this thread. Maybe it's time for you to start using my Firefox browser even if you don't like it.


9 posted on 09/23/2004 6:59:21 AM PDT by muggs (Political Correctness and Pandering For Votes Is Going to Get Americans Killed!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: muggs

Switching to Firefox 1.0PR may solve the browsing part, but, people still relying on Outlook or using Word to open an attachment (remember, not everybody makes smart choices), could still fall victim.


10 posted on 09/23/2004 7:03:48 AM PDT by rit
[ Post Reply | Private Reply | To 9 | View Replies]

To: July 4th
There is some truth to that, but it is also true that a large part of the problem with the Windows security situation has to do with fundamental design decisions that are not present on other platforms.

So, if everyone used Mac OS or Linux, yeah, there probably would be some level of exploits floating around, but no, it probably wouldn't be as bad as it is now.

11 posted on 09/23/2004 7:04:13 AM PDT by B Knotts ("John Kerry, who says he doesn't like outsourcing, wants to outsource our national security.")
[ Post Reply | Private Reply | To 6 | View Replies]

To: muggs

Using Opera. Works great. Love my tabbed browsing and pop-up blocker. I just LOOKS better as well.


12 posted on 09/23/2004 7:06:40 AM PDT by Dead Corpse (Albanian: O Zot! Kam sakice ne koke!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: DJ Frisat
Yeah, I think I'll be waiting on SP2 for a while. It looks like the JPEG patch will be available separately, so I'll make sure to do that.

Likewise, I use XP because of the wide variety of software available. I often use programs that simply aren't available on other platforms, or I have certain pieces of hardware that are only truly happy when being run by Windows. It makes absolutely no sense for me to switch, and if I'm simply diligent about making sure the OS, Anti-Virus, and firewall is up to date, everything works perfectly.
13 posted on 09/23/2004 7:50:58 AM PDT by July 4th (You need to click "Abstimmen")
[ Post Reply | Private Reply | To 8 | View Replies]

To: rit

Thankfully he doesn't use Outlook.


14 posted on 09/23/2004 8:08:57 AM PDT by muggs (Political Correctness and Pandering For Votes Is Going to Get Americans Killed!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Dead Corpse

I'm pretty happy with Firefox but really haven't done much with the tabbed browsing feature but the pop-up blocker is great. Wish I could convince my husband.


15 posted on 09/23/2004 8:11:57 AM PDT by muggs (Political Correctness and Pandering For Votes Is Going to Get Americans Killed!)
[ Post Reply | Private Reply | To 12 | View Replies]

To: July 4th
Yes, and if 90% of the world uses Macs or Linux, you can expect the same level of viruses on your machine.

I see this justification all the time on these threads. I think that it is time to prove it.

If Linux or Macs are just as vulnerable as Windows, surely the expert coders that populate FR could, as a proof of concept, find and exploit a similar graphics flaw and publish the results. Put up or shut up.

16 posted on 09/23/2004 8:16:20 AM PDT by LexBaird (This opinion was tagged and released into the wild. Please report all sightings.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: zeugma
Most of us do not have the level of computer savvy to do much more than go with Microsoft and I.E. Sad, but true.

Carolyn

17 posted on 09/23/2004 8:30:53 AM PDT by CDHart
[ Post Reply | Private Reply | To 5 | View Replies]

To: All

There are already fixes for this bug for Microsoft Office.


18 posted on 09/23/2004 8:32:13 AM PDT by COEXERJ145
[ Post Reply | Private Reply | To 1 | View Replies]

To: July 4th
Yes, and if 90% of the world uses Macs or Linux, you can expect the same level of viruses on your machine.

I keep hearing that, but I never seem to see any. Apache is the most used webserver on the net, yet it's not plagued by the numbers of viruses that IIS is. Sendmail moves the worlds email, yet the same holds true for it.

The problem is that windows "security" sucks. Microsoft still lives in a single-user world, and to this day doesn't understand the concept of a multi-user system, and the security that this requires.

When I boot up my laptop on my wireless network at home, I'm able to launch my mail reader remotely from my desktop computer and have the program run as if I were sitting down at the desktop. Unix was built from the ground up with internet connectivity in mind. Windows wasn't. It shows. You can continue to spend your time dealing with a broken OS that requires constant maintennance to keep it from barfing. I'll use what works, and what works for me, rather than the other way around.

19 posted on 09/23/2004 10:35:58 AM PDT by zeugma (Face it folks, the Great Experiment is over.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: CDHart
Carolyn,

You'd be amazed at how easy it is to do 90% of what most people use computers for with Linux. Neither of my daughters have any problem with it, and they aren't nerds by any stretch of the imagination.

You can even "test drive" Linux via one of the "live" CD distributions like Knoppix. A live knoppix distro boots off of a CD-ROM disk. It contains all the programs you're likely to want, (though it runs a little slowly because it is being loaded from a CD, rather than a hard disk). It doesn't mess with your existing computer setup at all. You can safely play with it and do just about anything you want, because even if you somehow manage to screw it up badly (unlikely), all you have to do to recover is to reboot either back to the CD, or your normal OS. It's a great way to try things out.

20 posted on 09/23/2004 10:43:00 AM PDT by zeugma (Face it folks, the Great Experiment is over.)
[ Post Reply | Private Reply | To 17 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-23 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson