Slashdot Mirror
Public Exploit For Windows JPEG Bug
Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.
I knew there was something wrong with Goatse when I saw it!
Damn. Now in addition to worring about going blind I also have to worry about catching something.
Does that mean when you watch porn on the Web it is not safe sex anymore? Damn it!!!
Well, no more JPEG porn for windows users. Good thing there's more than enough naughty movie stuff out there. But what if Windows Media Player has another security flaw? No more porn at all?
www.weberseite.at
No, this time it's "Burned by JPEGs" day!
The Tao of math: The numbers you can count are not the real numbers.
You can make a big fucking quilt with all those patches they keep giving out!
Everyone knows that you can be infected having sexual intercourse, however, that you now can even be infected by just looking at porn is rather sad I have to say.
I guess your .sig is apropos. It is NTLM (NT Lan Mangler)...
A house divided against itself cannot stand.
Everyone knew it was a backdoor.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
I think what he meant to say is that in order to be portable, FireFox can't
use system specific libraries to do any rendering. Actually, no I don't. After
reading it again, it looks like he's just wrong.
*sigh* back to work...
You remember when she told you that looking at `those' pictures was bad...
_O_
.|< The named which can be named is not the true named
but it was too late, she'd already been wormed.
_O_
.|< The named which can be named is not the true named
Not too long until we see a remote shell.
;-)
And therein lies the rub. For the people that write these things, it's reaching the point of diminishing returns in terms of getting the tools installed that they need in order to efficiently, remotely manage these boxes. It was all fun and games when you just wanted 10,000 boxes to send out ping-of-deaths or SYN floods, but now you have to manage a farm of zombies and get real work out of them. The competition is fierce and the other guy is trying just as hard as you are to get large-scale admin working, and of course, like all large-scale Windows installations, they're finding that this sucks.
Several things would help:
* A virtual OS layer is needed so that the user can have Windows for their games, but the crackers can do their admin from a maintainable OS. Heck, even DOS would be more managable.
* Users should make themselves available to the crackers for physical admin needs like reboots.
* Microsoft needs to stop pushing these auto-updates. It's not as if the crackers can't find new holes faster than MS can push the updates, but the rapid change to an installed base is just too difficult to remotely manage. Bill: you're killing profits here!
Overall, we just need to start making doing business on the Internet more friendly. I don't understand why people can't understand this!
PS:
Well, most users are, uh, stupid. Even if we used Linux, in order to make it simple enough to use, there will be vulnerabilities. For example, getting people to use "sudo" with a limited account makes sense to you and me, but might confuse the heck out of some newbie in Tennessee.
why tennessee? people from mississippi/alabama/arkanasa stereotypically are much dumberer than we is.
to keep it on topic: by numbers, the likelyhood of a major jpeg-vuln outbreak is much greater in say new york than (god PERSONAL backyard): greeneville, tennessee.
you can't have everything, where would you put it?
I better make sure to convert all of my porn to
... are the books by Microsoft Press.
Safari doesn't crash Damn Windows users always get the new features first! :(
I think I might have it, and I think slashdot might be comprimised! I saw the story on the front page, clicked the link to read more, and all of a suddent Slashdot had this really crappy color scheme.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
If you're actually using MSN messenger for any reason, you are retarded. Gaim for windows is at v1.0, and will connect to the msn network if you want.
Slashdot has jumped the shark. Bow before your corporate masters.
For what it's worth, it displays just fine by Safari in MacOS 10.3.5.
No errors or crashes.
Tell me what you think of my photos
Wow, those are some pretty nice jpegs! I expecially like the ~~~.&!# No carrier
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Then mail them an image they want to see. The user will right-click, see a perfectly normal piece of porn and in the meantime will be silently getting owned.
Hands in my pocket
I've come up with the ultimate computer exploit, ever. You make a jpg of goatse, with this exploited code in it. The exploit code runs an application which activates any webcams, if present, and starts taking pictures, which it then sends back to the 31337 h4x0r.
Think of it, an entire gallery of horrified faces, kinda like in The Ring when people's faces went all nasty after watching the video.