Windows vulnerable to image files

16 September 2004 · 2 comments

Microsoft warns of poisoned picture peril

“There was a time when the idea of a malicious image file was absurd enough to be the topic of an April Fools joke. One early and widely-circulated hoax message dating from 1994 warned users of a computer virus infecting the comment field of JPEG files.

“It was someone saying that just looking at a JPEG on your screen can get you a virus,” recalls Rob Rosenberg, editor of the debunking site Vmyths.com. “In ’94 it was a myth, but in ’04 it’s the real thing… We’ve got the JPEG of death now.”

An attacker can potentially craft a special JPEG file to take control of a victim’s machine when the user views the image through Internet Explorer, Outlook, Word, and other programs. Windows XP, Windows Server 2003 and Office XP are vulnerable. At present, Macs are not vulnerable to this flaw.

[Via MacMinute.]

2 comments


tarptcoder 16 September 2004 at 15:38 36

It’s probably worthwhile pointing out that multiple vulnerabilities have been found in the BSD derivative commonly named OS-X. Have a look here:

http://www.securitytracker.com/archives/underlyingos/1432.html

So while it may be fun to point a finger at Microsoft and Windows, don’t be so sure that these sorts of vulnerabilities don’t exist in OS-X.

If you *really* feel like being fair and treating software security seriously, you may want to mention that there was recently a vulnerability in libPNG with buffer overruns which affected lots of programs running on a wide range of operating environments. OS-X and Safari were not immune.

http://www.securitytracker.com/alerts/2004/Aug/1010907.html


Miraz Jordan 17 September 2004 at 07:33 50

You’ll see that I pointed out that “at present” Macs aren’t affected. I believe that the bad guys are out there hacking away at everything and that no-one can afford to believe they are somehow magically immune. Sooner or later the bad guys will “break” anything. After all, in the real world people escape from maximum security prisons, break into maximum security institutions and get into all sorts of places where they’re not meant to be.
