Public Exploit For Windows JPEG Bug
Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.
0 comments? Ah well, fr1st fs0t.
Get your own free personal location tracker
omg troll.
Haven't they discovered the advantages of shared objects and dynamic linking yet? On my box I have literally hundreds of programs which were vulnerable to PNG exploits. All I did was write "apt-get upgrade" and forget about it to have them all patched at once after downloading a single 100kB package. When a similar vulnerability is found in Microsoft code everyone screams bloody murded, CNET writes about it, Slashdot writes about it, there is film at eleven and worms start to wreak havoc for years because, as you said, it is "hard to patch." But no, it is Linux that is somehow "not ready for the desktop."
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
To modify Schneier's Law a little, anybody can write a piece of software so secure that they themself cannot crack it.
In the open source camp, nobody needs to write a JPEG viewer, because it's already been done once, and done right. Only the closed source crowd can't touch it, because we wrote it for everyone to share, not for some people to lock away. So they have to write their own, and they still get it wrong.
All the claimed faults with Windows really come down to one failing, and it isn't one that Microsoft is going to do anything about: No access to the source code. The only way to ever be certain what any piece of software does is by examining the source code.
I've run right out of sympathy for Windows users. If you are still running Windows after all this, you deserve everything that happens to you. Understand this one thing: Windows is never, ever going to get any better. It can't; because as long as good guys outnumber bad, closed source will always be less secure than open source. Cut your losses now and switch to a better operating system. You can live without your favourite Windows applications; but the longer you leave it, the harder it will get.
Je fume. Tu fumes. Nous fûmes!
...the pictures 0wn YOU!