No announcement yet.

OT: Warning re JPEG of DEATH

  • Filter
  • Time
  • Show
Clear All
new posts

  • OT: Warning re JPEG of DEATH

    The jpeg of death vulnerability is being actively exploited. As of today it has been confirmed that a simple and easy to use jpeg virus creation toolkit has been released publicly allowing any idiot to create a viral jpeg image. All systems are vulnerable if they have certain Microsoft software installed.

    See here again if you haven't already patched your system.

    To further explain what this means, if you have vulnerable software such as IE6 on XP and have not downloaded SP2 then someone could post a viral jpeg image on this BBS in a topic and simply viewing it would install a virus. That applies to ANY website. Even better reason to use Firefox, it's not vulnerable.

    [This message has been edited by Evan (edited 09-25-2004).]
    Free software for calculating bolt circles and similar: Click Here

  • #2
    I never installed the GDI addon in windows update, does this virus only work if you installed GDI?


    • #3

      If your system has any of the software listed at the Microsoft link above it is vulnerable. The image handling library is installed automatically when any of those packages are installed. That includes Office XP on Win98 any any other possible configuration. SP2 for XP fixes the problem in IE6 and Outlook/Express but does NOT patch Office or other Microsoft packages on the same computer.
      Free software for calculating bolt circles and similar: Click Here


      • #4
        Sure appreciate all the updates Evan. As you suggested before I downloaded Thunderbird Mozilla and got out of outlook express. I am running 98 with the original office which I never updated so I guess I'm ok.


        • #5
          Am I just paranoid or is the world really out to get me?

          I've heard enough bad things about SP2 that I intended not to install it until the bugs were worked out.
          Seems suspicious that M$ releases SP2 at about the same time the JPEG virus code is cracked, and the supposed fix is SP2. I'd rather set up my preferences to not view pictures.
          Maybe the virus software writers will add JPEG protection.
          I think it's time for another OS to take over preferred status by the masses. Linux, here I come!

          [This message has been edited by vinito (edited 09-25-2004).]


          • #6
            Thanksf for the heads up Evan.
            Windows really sucks.
            The vulnerabilities are never ending.

            I have both Macs and Windows machines. The Macs are worth the price premium of not having to guard against all these viruses, spyware, and security holes that Windows seems vulnerable too. I'll never buy another computer that runs Windows.

            [This message has been edited by bbfmetalworking (edited 09-25-2004).]


            • #7
              Windows sucks. Microsoft sucks. I've been developing hardware and software since 1975 ( ) and have never seen anything so poorly thought out as Windows and Internet security. It's time that people and corporations get FED UP and SPEAK UP. I think the rejection of XP by corporate America is a good step (but only temporary and for the wrong reasons).

              We will spend a trillion F#%$ing tax dollars on cyber security to protect our "delicate" network from this crap because we are stupid.

              I spent almost 2 full days last week unable to get into one of the largest corporate networks in America and do my work.

              RANT OFF

              The lathe, mill and other machines will work for another 100 years or more without any bleeping software upgrades or vulnerabilities. When the computer really gets trashed or I've had enough, it will either get run over by a tractor or sink in about 900 feet of water in one of the lakes up here ... while I go and make chips



              • #8
                I'm not going to argue with the opinions of those who think windows suck.

                But I would like to offer some hope for the poor souls (like me) who do use windows. I have done the SP2 upgrade here and survived.

                Happy computing everyone no matter what your choice of OS.


                • #9
                  Yes,MS does suck,but then again if any of the others had their market share,then they would be having the same trouble.Winblows is just to popular for its own good.

                  I think when someone screws with a system just to cause the rest of the world trouble,when they get caught they should be publicly humiliated for a period of 30 days and then executed in the most painful,slowest,most inhumane way imaginable I still say I could choke them hard enough to make their eyes pop out
                  I just need one more tool,just one!


                  • #10
                    That sounds a bit harsh

                    I'd rather see teenage hackers exploit vulnerabilities and force them to get fixed rather than have pros take down the banking system or hostile pros get into military or industrial systems which have foolishly been left accessible.


                    • #11
                      Unfortunately it's not just the teenage hackers. The Russian mafia is taking over the internet, bigtime. The plan is to use your computer to launch DDOS (Distributed Denial Of Service) attacks against online gambling sites, legal in the UK, using your zombie computer after it has been taken over. A few months ago they did just that during the soccer playoffs for 48 hours, taking down the top UK betting website using 20,000 zombie home computers. When it stopped an anonymous e-mail arrived demanding a fifty thousand pound payment to be deposited to a numbered Swiss account, then they would stop the attacks.

                      A month ago Interpol arrested three people in Russia with the help of the Russian police that were responsible for that attack. It is estimated they gained $750,000 in three months. Many more are stepping in to take their place.
                      Free software for calculating bolt circles and similar: Click Here


                      • #12
                        These holes just shouldnt exist to begin with.


                        • #13
                          Hey Den,

                          I'm making progress on my milling machine. It will be controlled from DOS and it will not be connected to the internet. I am guessing that it will not be able to accidentally make a nuclear bomb when I leave it on.
                          Free software for calculating bolt circles and similar: Click Here


                          • #14
                            evan-- is this the CNC engraver? running dos? boy its going to suck to find that nice new shiny gift you made for your wife, that you spent months and months on, with a finely engraved message of love reading:

                            Error 809x098d8x: File Not Found.

                            do those little engraving tools have erasers on the other side?



                            • #15
                              Free software for calculating bolt circles and similar: Click Here