Re: (OT) Nice try dude
Rudolf Polzer graced us by uttering:
> Does the current AOL software still use IE for viewing websites
> or has it been fixed? At least AOL has taken over Netscape, so
> it might be possible.
Despite rumors I've heard that AOL _will_ be using the Mozilla
libs in v8.0, I believe the AOL 8.0 betas still use MSIE as its
internal browser. :(
> Or MS Windows (.exe, .scr, .pif), MS Office (.doc, .xls, .mbd)...
> I just removed Magistr.B from an AOL user's computer. Which is a
> PE infecting virus and does not depend on any scripting.
Yes, MS Office files may contain macros that do similar damage.
What is PE?
>> Again, good advice. Image formats _are_ safe, despite the
>> recent warnings that they've successfully embedded virii in
>> JPG files.
>
> Doesn't that depend on the viewer?
Not really. Susceptibility to buffer overruns _will_ depend on
the viewer and whether it limits the size of the buffer.
But if there's an image viewer that extracts native binary code
from the depths of the encoded image file and executes it, you
have a very poor (or custom) viewer. Under any normal
circumstances, no part of an image file should be "executed."
> One year ago, I read something in alt.comp.virus.source.code
> about someone who thought he was a 31337 h4x0r because he wrote
> an image viewer that could execute code from JPEG comments. But
> that's no serious threat IMHO (except a widely used application
> has such a backdoor - the only example of such an application
> was Quake 2) - and that does not mean JPEG files are dangerous.
Yes, these people give real hackers a bad name. This is exactly
the kind of viewer I was referring to above.
But if you go around downloading just anything from the web
without considering its source, you're going to get screwed.
IRC-boys will always try to tell you to download programs to erase
your HD, or at least your $HOME dir, whether they promise to
deliver "50% better performance" or just give you the latest
Britney pix.
<sarcasm>I wish I could be as 1337 as them.</sarcasm>
>> Anything marked of content-type text/plain is probably ok, so
>> long as you don't blindly execute it.
>
> Again: buffer overruns are possible. Netscape 4.5 had one (it crashed
> when there was a line >1024 chars and one viewed the source), but I
> don't know if they were on the stack and therefore exploitable.
I guess I'm just describing virii that depend on user ignorance,
and not on a bug in the program. Yours are quite valid points as
well.
It's also been so long since I've used MSOE, NS Msgr, or any
Microsoft software (except at school), so I'm probably behind on
just how many flaws Windows has. =)
Tim Hammerquist
--
"Sometimes these hairstyles are exaggerated beyond the laws of physics."
-- Unknown narrator on Anime