Jump to content

Major Graphics Flaw Threatens Windows PCs

Synapse

By Synapse
in Networks and the Internet

 Share

Recommended Posts

Synapse

Synapse

Posted
Posted

From CNET..

Major Graphics Flaw Threatens Windows.

The code is now public... It seems that only Windows products are affected. so all you people that haven't switched.. should switch to FireFox ASAP. Also.. Windows SP2 patched machines should be fine according to CNET. saying that the Flaw is only SP1 users.

while FireFox won't completly stop the problem your system should be fine as long as you don't save and view any Jpeg files in a windows product..., this just proves how Flawed Windows is. along with Internet Explorer. Just think.. what if i had made my signature to use this flaw... anyone running IE6 with SP1 would now be infected just by reading this.

SWITCH TO FIREFOX!

*EDIT*

seems like this has been around since September?!? and i never heard of it.....

well.. read more here Clicky seems like the code going public to allow the buffer overflow was released today though.. so there will or could be a massive amount of Jpegs that use this exploit released in the next couple days, weeks, months....

and since i seem to be slow, make sure you update update update!

and more info about this.... US-CERT

Link to comment
Share on other sites

  • 2 weeks later...
maxXPsoft

maxXPsoft

Posted
Posted

One thing is that the sites that would put this stuff up probably are questionable anyway so if you visiting you know that already. Does that make sense? You probably won't find this stuff on the majority of web sites.

Like this also was on one of those sites but I done it intentionally for the knowledge. http://maxxpsoft.com/files/adwarejunk.html

Link to comment
Share on other sites
CoffeeFiend

CoffeeFiend

Posted
Posted
One thing is that the sites that would put this stuff up probably are questionable anyway so if you visiting you know that already. Does that make sense? You probably won't find this stuff on the majority of web sites.

Like this also was on one of those sites but I done it intentionally for the knowledge. http://maxxpsoft.com/files/adwarejunk.html

Actually, I must disgree on that one even though it seems to be the logical thing to think. A few (somewhat?) reputable websites have been affected by nasty things like that lately such as theregister (it was actually their advertizer that was hacked - details).

Some people say there are rootkits going around for current exploits too. Add server vulnerabilities (yours and your advertizer's), slow patching (both by people running servers and home users, and the time it takes for a patch to come out sometimes) and a browser I couldn't recommend. What you get? Not sure, but it can't be pretty. That's also why we're filtering IFrames at the firewall now.

Anyways, all this to make a point: you're not as safe as you think you may be.

(Advertizers can deliver bad content on good sites, unpatched exploits on servers can get good sites infected, ...) It's kinda funny to see all these issues arising all the time - if you're not a IE user that is ;)

Link to comment
Share on other sites
Synapse

Synapse

Posted
  • Author
Posted

I agree with crahak, I could put one of those flawed Jpegs as my signature and anyone that viewed this post would get infected... so even though MSFN is a trusted site, by me having my signature a flawed jpeg wouldn't make it a safe site. if that made sence.. lol.

Link to comment
Share on other sites
maxXPsoft

maxXPsoft

Posted
Posted

Hmmm thinking of it that way I guess your right about using the image in your sig. But the major place will be those sites I mentioned just like that spyware/ad crap.

But,

I will not be swayed to use a certain browser because of BS :no:

Crap like this has been going on for so many year's all this scare tactic's about new vulnerabilities and one browser better than another, so what. They'll release a fix sooner or later and I am not afraid to lose my PC, that's why I have my UnattendXP ready and waiting. I do use Maxthon though and its based off the same engine they referring to I would guess.

This site could also turn off allowing images in sigs but must we get to that point? I don't think so but it's their option. Just for the record I do have Firefox installed but it's not my primary browser and I don't think I see it being in that spot unless Maxthon wants my money.

But then maybe the ADMINS better turn off all images on this site and everyone run and turn off all of them on your own site, hurry now :whistle:

Link to comment
Share on other sites
CoffeeFiend

CoffeeFiend

Posted
Posted

Turning sigs off is useless. You'd have to basically turn advertizing kind of pictures and such off - everywhere on the web... And there's more issues than that (like the new IFrames one) and there's more to come...

I have to agree with gamehead200 here - firefox all the way.

Link to comment
Share on other sites
maxXPsoft

maxXPsoft

Posted
Posted

Sure theres more to come and when they target Firefox for something what ya gonna do?

Stick head in sand or hide in a hole or jump to the next newest thing, I don't think so Tim. I'm just not the type to go running scared.

I just went and downloaded that Firefox 1.0 cause last version i had was around 0.87 or whatever but old. Anyway's I was using Mozilla 1.8 nightly prior to the Maxthon and last Firefox I had sucked and i had uninstalled. One thing I do see is those Mozilla things don't render the images very good, plain butt ugly or maybe some can't tell the difference.

I'll try this 1.0 afterwhile and see if its any better. First have to go see if theres any Unattended stuff on it.

Nowaday's its better to have an alternate plan. Just in case!!!

Link to comment
Share on other sites
Mekrel

Mekrel

Posted
Posted
Hmmm thinking of it that way I guess your right about using the image in your sig. But the major place will be those sites I mentioned just like that spyware/ad crap.

But,

I will not be swayed to use a certain browser because of BS :no:

Crap like this has been going on for so many year's all this scare tactic's about new vulnerabilities and one browser better than another, so what. They'll release a fix sooner or later and I am not afraid to lose my PC, that's why I have my UnattendXP ready and waiting. I do use Maxthon though and its based off the same engine they referring to I would guess.

This site could also turn off allowing images in sigs but must we get to that point? I don't think so but it's their option. Just for the record I do have Firefox installed but it's not my primary browser and I don't think I see it being in that spot unless Maxthon wants my money.

But then maybe the ADMINS better turn off all images on this site and everyone run and turn off all of them on your own site, hurry now   :whistle:

Sorry but you seem to be missing the point,

1. Viruses when they get on your system can do some nasty stuff, fair enough your system can be cleaned and reformated etc, and there should be no harm to your hardware. But for the time that those viruses are on your computer they can steal and send information to other people who want to use that info malicously. Things even as legitimate game keys you have on your computer, stole and used to activate warez versions of games.

2. You should think the internet as being a driver on the road. First thing I was taught in my driving lessons was that im responsible for mine and others safety who also use the roads. Same with computers, those who do not keep protected, up to date and secure increase the spreading ability of viri, as we all know they duplicate themselves and send to to other etc, etc...

As for waiting for a patch, how old is windows XP??

Its only just got its second major service pack which fixes things which should have been fixed ages ago :} , yeah there are the hotfixes - but still these dont come quick enough when you take into consideration the time it takes to catch the virus, identify the fix, code it and release it. Comes to something when a 3rd party app like firefox shows a multi billion turn over company how it should be done.

Fair enough microsoft certainly doesnt have its fans, and is probably targeted more. But surely that means they should be extra vigelant?

Firefox/ Opera just makes sence to use. I remember the rendering of FF in the 0.8 releases but 1.0 rendering is a whole lot faster :)

Link to comment
Share on other sites
maxXPsoft

maxXPsoft

Posted
Posted (edited)
Sorry but you seem to be missing the point
No actually I'm not, I am a responsible user and I know and I mean know what goes on in my PC cause I keep up on all this stuff, it don't happen unless I know it. If I miss it then at least next day I will see a difference in something. I've been the only danger to my comp since I started using with my own experiments. I'll even experiment with blocking .jpgs with certain code on my own. I keep backups and am extra vigilante against things going in and out. I'm not a chicken going to run scared every time I hear this stuff man, thats all there is to it.

The problem is the unknowing users out there that by far outweigh everyone else. They probably read a passing headline about this and have no clue WT heck that means.

Nope this Firefox 1.0 just don't match up. The graphic's just aren't there yet but it is a lot better than the 0.8. Thats the reason I gave up Linux cause it sucked at graphic's. Also reason I dropped Mozilla for the Maxthon. They'll get better in time and I may switch then.

My Gawd man,

Look at the other links on that page, it even has a Winamp flaw on security. You gonna delete Winamp also ?????????????????????

Oh yeah someone gonna pipe back and say they use so and so because of that, save it, heard it before.

Fair enough microsoft certainly doesnt have its fans, and is probably targeted more. But surely that means they should be extra vigelant?

You're exactly right on that one. They ought to hire me at about a million a year to destroy their stuff for testing.... :thumbup

EGADS: Just trying to paste something and add Quotes around it this Firefox failed, hmmm

Edited by maxXPsoft
Link to comment
Share on other sites
CoffeeFiend

CoffeeFiend

Posted
Posted
Nope this Firefox 1.0 just don't match up. The graphic's just aren't there yet but it is a lot better than the 0.8.

Firefox really blows away IE when it comes to rendering (other than the couple IE only non-standards compliant crappy websites), I don't know what you're onto here. I have yet to see a browser not "render images" correctly. I have no idea what you're calling butt ugly here, IE's the only butt ugly browser I've came across in a while.

You also try to make a point about firefox exploits but, the thing is, it's made with good coding practices, it's a million times safer than IE will ever be. The user base is mostly IE too, so IE is the prime target for scum too (also happens to be the easiest to compromise). When firefox has an exploit? The patching will be faster, the extent of what's affected should be lesser, etc. IE users are dreaming to see something compromise firefox, but I doubt we'll see it anytime soon. And about winamp flaws, no that won't switch me away as it's not exposed to the web and they have updated/fixed versions (I doubt it's weaknesses will render your PC useless like IE would do either). All software have flaws - but IE *IS* a flaw. Look at how much of the updates you download on WU are because of IE/OE (and what's part of the SPs). That's about half of them. It's by FAR the single most unreliable unsecure app I've ever seen. It's the only app I'd really switch to anything else.

Firefox rocks.

[edit] By the way, other sites affected by ad servers include NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital and a whole lot more.

Link to comment
Share on other sites
Mekrel

Mekrel

Posted
Posted
My Gawd man,

Look at the other links on that page, it even has a Winamp flaw on security. You gonna delete Winamp also ?????????????????????

No, but you need pages like the register, and other IT security websites, so that security risks are logged and explained in detail to those who use those products.

Thats why IE is hated so much, its been mentioned on the Register god knows how many times IE security flaws have been logged on there.

I can see your point though, but no - you shouldnt stop using that software as other software like your firewall should stop unwanted stuff contacting the net.

Imagine if we didnt know about the viri out there, you would be contantly getting infected :}

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...