Announcement

Collapse
No announcement yet.

Mac-o-philes can ignore this (for now)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mac-o-philes can ignore this (for now)

    But anybody running Windows XP or Win2003 without SP2 could be vulnerable to a new type of hack attack.

    This one infects your system when you click on a picture (JPEG). Currently, the only affected JPEGs seem to be from adult sites (tsk tsk).

    Read here for more info:http://aolsvc.news.aol.com/news/arti...24054609990001

    Thank god I'm on the trailing edge and am still puttering along at home on Win98 (patched almost daily by my corporate Norton).

    Miulang
    "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

  • #2
    Re: Mac-o-philes can ignore this (for now)

    Some of us don't use AOL.

    What will exactly happen if we do click on this picture?
    How'd I get so white and nerdy?

    Comment


    • #3
      Re: Mac-o-philes can ignore this (for now)

      Originally posted by adri1456
      Some of us don't use AOL.

      What will exactly happen if we do click on this picture?
      Hi Adrian:
      Here's the whole story...I've also seen the same thing in my morning push mail from InfoWeek, Network Computing, etc.

      Hackers Target New Microsoft JPEG Flaw
      By PAUL GEITNER, AP

      NEW YORK (Sept. 29) - In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.

      Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.

      To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response.

      The computer then contacts a server to obtain code that would let an attacker take over the machine remotely.

      Friedrichs said the current exploit is fairly limited but that he expects future attempts to create malicious images that would work on the more popular Outlook and Internet Explorer programs, also made by Microsoft.

      The Internet Storm Center at the SANS Institute said an image it found, disclosed on the BugTraq security mailing list, only caused computers to crash in tests, but ''we suspect that a working exploit is very close to widespread availability.''

      Computers with updated versions of anti-virus software should be protected, according to SANS center. Microsoft also has a software patch to fix the flaw and said users who have the Service Pack 2 security update for Windows XP are not affected.

      Microsoft disclosed the flaw in question on Sept. 14. It affects people running Windows XP, Windows Server 2003 and later versions of Office.

      People who have earlier versions of Windows or Office may also be affected if they are running some specialized applications, such as Digital Image Pro and Visio 2002. The flaw is in a technology that is used to render JPEG images.


      AP-NY-09-29-04 1311EDT
      "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

      Comment


      • #4
        Re: Mac-o-philes can ignore this (for now)

        MS security bulletin ms04-028

        read the link above, it will tell you the apps affected and lets you d/l patches.

        this vulnerability is dangerous because there is code floating around showing you how to exploit this vulnerability. the same happened with the sasser, blaster worms. after published code was released, sasser was born 2 days later. blaster took about a week.
        Fair and Balanced

        Comment


        • #5
          Re: Mac-o-philes can ignore this (for now)

          Given that JPEG is a common interchangeable file format, this is something for even us Mac users to at least know about.
          I'm still here. Are you?

          Comment


          • #6
            Re: Mac-o-philes can ignore this (for now)

            Originally posted by mel
            Given that JPEG is a common interchangeable file format, this is something for even us Mac users to at least know about.
            Problem right now is, there's no patch for the Mac OS! Is Apple gonna wait until it gets reports from CERT or Symantec or McAfee that Macs are impacted, or is Apple gonna be proactive?????

            Miulang
            "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

            Comment


            • #7
              Re: Mac-o-philes can ignore this (for now)

              If you upgrade to XP SP2 you should be ok and be uneffected by this virus.
              Check out my blog on Kona issues :
              The Kona Blog

              Comment


              • #8
                Re: Mac-o-philes can ignore this (for now)

                Given that JPEG is a common interchangeable file format, this is something for even us Mac users to at least know about.
                The exploit isn't in the JPEG format (which is, after all, a global data standard), but in how a built-in Windows component (GDI+) interprets a JPEG file. Or rather, how it doesn't, because it works by exploiting how Windows fails to contain its own processes after it encounters a "corrupted" JPEG image. It's one of many hacks that take advantage of the relative chaos that results when Windows hits something it doesn't expect.

                So, no, in this case, Mac folks are not affected. That doesn't mean that Mac users are always immune, and it pays to see how Windows and Microsoft react to these things... else Mac users will be caught unawares when a big virus scare does eventually hit.

                If you upgrade to XP SP2 you should be ok and be uneffected by this virus.
                Not neccessarily. Although XP SP2 doesn't have the vulnerable GDI+ component, it is present in some Microsoft Office, Visio, and Project installations. In fact, even if you patched your system, if you later install a program that bundles an older gdiplus.dll file, you could get this vulnerability back.

                Comment


                • #9
                  Re: Mac-o-philes can ignore this (for now)

                  Originally posted by pzarquon
                  Not neccessarily. Although XP SP2 doesn't have the vulnerable GDI+ component, it is present in some Microsoft Office, Visio, and Project installations. In fact, even if you patched your system, if you later install a program that bundles an older gdiplus.dll file, you could get this vulnerability back.

                  I stand corrected, I had forgotten about the MS Office etc
                  angle to this too. In that case if you have MS Office you need
                  to patch that individually as far as I understand.
                  Check out my blog on Kona issues :
                  The Kona Blog

                  Comment


                  • #10
                    Re: Mac-o-philes can ignore this (for now)

                    So, no, in this case, Mac folks are not affected. That doesn't mean that Mac users are always immune, and it pays to see how Windows and Microsoft react to these things.
                    That's why keep up reading about the Windows world. It is only a matter of time before some hack out there decides to write something destructive for the Mac... or even Linux or Unix....
                    I'm still here. Are you?

                    Comment


                    • #11
                      Re: Mac-o-philes can ignore this (for now)

                      So now, moa worse, dis JPEG vulnerability. Today dey reporting dat people using AOL IM (AIM)--eida PC or MAC-- can get tricked to go to links dat get da JPEG wit da worm insai.

                      Ova hea: http://news.zdnet.com/2100-1009_22-5...tag=zdnn.alert

                      Miulang
                      "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

                      Comment


                      • #12
                        Re: Mac-o-philes can ignore this (for now)

                        More about the JPEG flaw: this other company says even updated virus protection might NOT keep this thing from infecting your PC.

                        More here: http://news.zdnet.com/2100-1009_22-5388633.html

                        Miulang

                        Practice safe computing: don't open any pictures at all--no matter what format! on your desktop. Go borrow someone else's machine when you want to go look at a picture on the computer...
                        "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

                        Comment

                        Working...
                        X