Public Exploit For Windows JPEG Bug
Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.
Damn. Now in addition to worrying about going blind I also have to worry about catching something.
Does that mean when you watch porn on the Web it is not safe sex anymore? Damn it!!!
It's a gaping security hole.
By summer it was all gone...now shesmovedon. --
You can make a big fucking quilt with all those patches they keep giving out!
Everyone knew it was a backdoor.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Not too long until we see a remote shell.
;-)
And therein lies the rub. For the people that write these things, it's reaching the point of diminishing returns in terms of getting the tools installed that they need in order to efficiently, remotely manage these boxes. It was all fun and games when you just wanted 10,000 boxes to send out ping-of-deaths or SYN floods, but now you have to manage a farm of zombies and get real work out of them. The competition is fierce and the other guy is trying just as hard as you are to get large-scale admin working, and of course, like all large-scale Windows installations, they're finding that this sucks.
Several things would help:
* A virtual OS layer is needed so that the user can have Windows for their games, but the crackers can do their admin from a maintainable OS. Heck, even DOS would be more manageable.
* Users should make themselves available to the crackers for physical admin needs like reboots.
* Microsoft needs to stop pushing these auto-updates. It's not as if the crackers can't find new holes faster than MS can push the updates, but the rapid change to an installed base is just too difficult to remotely manage. Bill: you're killing profits here!
Overall, we just need to start making doing business on the Internet more friendly. I don't understand why people can't understand this!
PS: