Re: (OT) Nice try dude
"Zeruel333 The Hentai One" <zeruel333@aol.comanimefan> wrote:
> >Scripsit ille Tim Hammerquist <tim@vegeta.ath.cx>:
> >> Rudolf Polzer graced us by uttering:
> >> > Does the current AOL software still use IE for viewing websites
> >> > or has it been fixed? At least AOL has taken over Netscape, so
> >> > it might be possible.
> >>
> >> Despite rumors I've heard that AOL _will_ be using the Mozilla
> >> libs in v8.0, I believe the AOL 8.0 betas still use MSIE as its
> >> internal browser. :(
> >>
> >> > Or MS Windows (.exe, .scr, .pif), MS Office (.doc, .xls, .mbd)...
> >> > I just removed Magistr.B from an AOL user's computer. Which is a
> >> > PE infecting virus and does not depend on any scripting.
> >>
> >> Yes, MS Office files may contain macros that do similar damage.
> >>
> >> What is PE?
> >
> >"Portable Executable", the Win32 executable format. The normally used
> >format on Linux is ELF, so I think you get what it means.
> >
> >> >> Again, good advice. Image formats _are_ safe, despite the
> >> >> recent warnings that they've successfully embedded virii in
> >> >> JPG files.
> >> >
> >> > Doesn't that depend on the viewer?
> >>
> >> Not really.
> >
> >I meant that it depends on the viewer whether a virus in the JPG file
> >can be executed or not.
> >
> >> Susceptibility to buffer overruns _will_ depend on the viewer and
> >> whether it limits the size of the buffer.
> >>
> >> But if there's an image viewer that extracts native binary code
> >> from the depths of the encoded image file and executes it, you
> >> have a very poor (or custom) viewer.
> >
> >Quake2 contained a backdoor that allowed the ID Software subnet to send
> >console commands to the Q2 server (after some time, the backdoor was
> >removed). So how do you know if IrfanView has a backdoor? You can't
> >unless you have the time to disassemble it.
> >
> >> Under any normal circumstances, no part of an image file should be
> >> "executed."
> >
> >Of course. Even more correct: under any circumstances, no part of an
> >image file should be executed.
> >
> >I saw only one exception: "compiled sprites" that were in fact machine
> >code that displays an image on the screen (very popular on DOS games
> >which used Mode X). But such sprites have to be compiled at run time -
> >the machine code of an image must not be saved and then called an
> >"image file".
> >
> >> > One year ago, I read something in alt.comp.virus.source.code
> >> > about someone who thought he was a 31337 h4x0r because he wrote
> >> > an image viewer that could execute code from JPEG comments. But
> >> > that's no serious threat IMHO (except a widely used application
> >> > has such a backdoor - the only example of such an application
> >> > was Quake 2) - and that does not mean JPEG files are dangerous.
> >>
> >> Yes, these people give real hackers a bad name. This is exactly
> >> the kind of viewer I was referring to above.
> >>
> >> But if you go around downloading just anything from the web
> >> without considering its source, you're going to get screwed.
> >
> >Which meaning of the word "source" do you mean? The author of the
> >program or its code?
> >
> >> IRC-boys will always try to tell you to download programs to erase
> >> your HD, or at least your $HOME dir, whether they promise to
> >> deliver "50% better performance" or just give you the latest
> >> Britney pix.
> >
> >I never met one who tried. I'm in the wrong channel... all I get are
> >mails with 0190 dialers for Windows that supposedly allow access to XXX
> >sites. As if I needed them and was too stupid to find free ones... but
> >these dialers don't work because I don't have a modem/ISDN card and
> >because I don't have Windows.
> >
> >> >> Anything marked of content-type text/plain is probably ok, so
> >> >> long as you don't blindly execute it.
> >> >
> >> > Again: buffer overruns are possible. Netscape 4.5 had one (it
> >> > crashed when there was a line >1024 chars and one viewed the source),
> >
> >BTW: If it's exploitable, it can be made more effective by opening a
> >window of a "view-source://"-URL.
> >
> >> > but I don't know if they were on the stack and therefore
> >> > exploitable.
> >>
> >> I guess I'm just describing virii that depend on user ignorance,
> >
> >You mean - for example - using OE for external mail and news? ^_^
> >
> >> and not on a bug in the program. Yours are quite valid points as
> >> well.
> >>
> >> It's also been so long since I've used MSOE, NS Msgr, or any
> >> Microsoft software (except at school), so I'm probably behind on
> >> just how many flaws Windows has. =)
> >
> >Don't you read Bugtraq and Securityfocus?
> >
> >And Windows does not have many flaws (except design flaws - Windows
> >*is* one). But most of the applications do. Maybe Win2k Server had more
> >(security flaws * time until they were fixed) than some Linux or *BSD
> >distributions which contain a much bigger selection of applications...
> >
>
> ??
> this is all going over my head
*Looks up*
Yeah, you even read past the first 5 words? That's where I get lost!
--
Carpe Jugulum
Disaster
Disaster's Fan Fiction - http://www.disfanfic.net
DSE - For the Public - http://www.disfanfic.net/DSE
JAE FAQ - http://www.evafaq.com
Pen^3's JAE FAQ - http://faq.pen3.cjb.net
Convention Reports - http://www.disfanfic.net/conventions