Author Topic: xp service pack 2  (Read 990 times)

Offline Clifra Jones

« Reply #15 on: May 31, 2005, 10:55:37 AM »
OK guys, let's clear up the mysteries:

1. If you are "always on" without a firewall are you at risk?

A) Possibly, Blackhats (aka hackers) will run port scanners against known subnets (lists of IP addresses) looking for open ports. Finding one they may try and attack. Are you at risk of this? Let's look at the possibilities.

As we all know, Windows has shown some serious vulnerabilities in the past. Blackhats try and take advantage of these. 99% of attacks are perpetrated on "KNOWN" vulnerabilities. Most of these vulnerabilities are known for some time before the attack occurs. One of the most famous was the SQL bug. This was a known vulnerability for 6 months and a patch was out for it before some bad guys took down many high profile systems. How did this happen? Because their IT guys were knuckleheads!

So, you are vulnerable if:

1) You are running an unpatched OS. MS has very little support any more for Win 9x systems so if you're using win9x or ME then I would say you are vulnerable to a point, probably a small point though. Check for updates regularly, at least once or twice a week.

2) You allow web sites to install unsafe programs. We all know about spyware and spamware. BE SAFE, this is how most blackhats get in. If a site offers you something for free, DON'T DO IT!

Case in point: The most recent case of hacking perpetrated on the LexisNexis network was done by a teenager talking sex with an undercover cop. He sent him an infected JPG file (supposedly of a nude young girl he was posing as). The file contained a worm that allowed him to steal passwords off the cop's PC. One of these was a username and password for LexisNexis.

3) Keep your virus software up to date. Never surf without this active and up to date.

4) If you do not know who sent you the file, DO NOT OPEN IT!

Conclusion:
If you turn off your firewall/virus protection while playing AH I would say you are fairly safe as long as your OS is up to date on all patches. Of course you should turn all of this back on when you are finished playing.

Remember: Hackers/Blackhats are like vampires. They usually can't come in unless you've done something to invite them in.

Offline stantond

« Reply #16 on: May 31, 2005, 02:35:04 PM »
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.
« Last Edit: May 31, 2005, 02:41:58 PM by stantond »

Offline Elyeh

« Reply #17 on: May 31, 2005, 02:50:09 PM »
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


Was gonna ask the same thing.
A .jpg cannot be infected as it does not execute.

Offline Elyeh

« Reply #18 on: May 31, 2005, 02:53:42 PM »
Also, there is a difference between Hackers and crackers

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

Never heard of "blackhat"

http://www.plethora.net/~seebs/faqs/hacker.html

http://www.catb.org/~esr/faqs/hacker-howto.html

Offline Clifra Jones

« Reply #19 on: May 31, 2005, 03:32:43 PM »
Quote
Originally posted by Elyeh

Never heard of "blackhat"


A term my old boss and current security consultant uses. Never knew how widely used it was.

Offline Clifra Jones

« Reply #20 on: May 31, 2005, 03:38:18 PM »
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


No legend, here is the article:

http://wired.com/news/business/0,1367,67629,00.html?tw=wn_tophead_2

And here is how JPG files can be infected.

http://www.f-secure.com/news/items/news_2004100500.shtml

(there is a patch for this)

Offline StarOfAfrica2

« Reply #21 on: May 31, 2005, 03:46:47 PM »
LOL

A .jpg can't infect?  Depends.

Quote
What is the GDI+ JPEG Vulnerability

GDI+ is a programming interface or API that enables programs to use graphics and formatted text on a video display or printer. A vulnerability, GDI+ JPEG Vulnerability, was found in the DLL gdiplus.dll used by GDI+ that has faulty code when processing JPEG images. People who know how this code can be exploited can craft a specially designed JPEG that can exploit this bug and possibly take control of your machine. If you view an image using an application that has this vulnerability, then it is possible for the remote program to issue commands on your computer at the same security level as your user account. Therefore if your user account is an administrator of your machine, then the remote code will have administrative privileges and be able to have full access to the security of your computer.

Microsoft has released an update for this vulnerability which you can get by going to Windows Update for the operating system update and Office Update for the Microsoft office update. Be sure to do those updates immediately as this tutorial assumes you already have them and is focused on resolving issues for 3rd party applications that may be affected by the GDI+ JPEG vulnerability.

Offline spothq

« Reply #22 on: May 31, 2005, 05:09:50 PM »
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


A JPEG, or any file is just that, a file. Any file can be infected.

Offline stantond

« Reply #23 on: May 31, 2005, 09:11:40 PM »
Ok,


A .jpg can be infected, but with what?  That's the same as saying an ascii file can be infected with a virus/worm.  A .jpg is a data format for compressed images, much like .gif or .bmp or .png files are just data files.   Image files are just data files.

I think there has to be an infection in the viewer for any 'virus' or 'worm' information to be transmitted from a data file (which is what a .jpg file is).   Sounds pretty unlikely to me.  




Regards,

Malta

Offline Elyeh

« Reply #24 on: May 31, 2005, 11:50:08 PM »
If you read the article the detective downloaded a SLIDESHOW.
This was the exe file, NOT THE INDIVIDUAL JPEGS.

Also in the last article they didn't really say anything.... Just that there might be a problem in the future.

(FROM THE ARTICLE)
Image files, including the JPG-format commonly used for storing for example digital photos, are usually considered safe. There are many e-mail viruses that fool users to execute program files by masquerading them as picture files. But these viruses are always stored as an executable file and antivirus scanners will still scan the file and detect the virus. Even if the file looks like a picture to the end user. Viruses based on the newly discovered vulnerability would however be stored as real JPG-files. This means that many antivirus scanners, including some products from F-Secure, would consider these files as safe and pass them through without scanning. Users of antivirus products need to review the scanning settings and ensure that picture files are scanned properly, IF A JPG-VIRUS BECOMES WIDESPREAD.


Again a jpeg... a .jpg file will not execute therefore no worm/virus
« Last Edit: May 31, 2005, 11:55:52 PM by Elyeh »

Offline StarOfAfrica2

« Reply #25 on: June 01, 2005, 01:20:30 AM »
Elyeh, it says it right there in your own post.

Quote
Viruses based on the newly discovered vulnerability would however be stored as real JPG-files. This means that many antivirus scanners, including some products from F-Secure, would consider these files as safe and pass them through without scanning. Users of antivirus products need to review the scanning settings and ensure that picture files are scanned properly, IF A JPG-VIRUS BECOMES WIDESPREAD.


Now, if you are up to date on your security downloads, the JPEG vulnerability is plugged, and you don't have to worry about it, A/V or no.  Also, to be fair, JPG viruses are NOT widespread, or all that common.  They jumped on this one fairly quick and fixed it.  So the list of vulnerable people is probably pretty small (although 98 and ME users could be in that list).  But the virus in this case is stored as a regular JPG file.  You can most certainly have viruses infect you that are not outwardly executable.  If you download the file, that's all the "execution" that is necessary.  Other, predetermined criteria will execute the virus, not you.
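
The two cases argued over in this thread (a program renamed to look like a picture, and a real JPG whose internal structure is malformed) can be told apart mechanically. The following is an added example, not part of any post; the verdict strings, extension list and sample bytes are constructed for illustration.

```python
# Markers that stand alone with no length field: TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat")

def classify_attachment(name: str, data: bytes) -> str:
    """Return a verdict for a file that claims to be a picture."""
    if name.lower().endswith(EXECUTABLE_EXTS):
        return "executable-extension"      # e.g. slideshow.jpg.exe
    if data[:2] == b"MZ":
        return "executable-content"        # Windows program renamed to .jpg
    if data[:2] != b"\xff\xd8":
        return "not-jpeg"                  # missing the JPEG start-of-image marker
    return check_segments(data)

def check_segments(data: bytes) -> str:
    """Walk the marker segments up to start-of-scan and validate each length."""
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return "malformed-marker"
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte in front of a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            return "truncated"
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        # The length field counts its own two bytes, so < 2 is never valid;
        # a viewer that trusts such a value is parsing attacker-chosen sizes.
        if length < 2:
            return "malformed-length"
        if pos + 2 + length > len(data):
            return "truncated"
        if marker == 0xDA:                 # SOS: compressed image data follows
            return "well-formed-jpeg"
        pos += 2 + length
    return "truncated"

# Constructed sample inputs (not real files).
GOOD = b"\xff\xd8" + b"\xff\xe0\x00\x04AB" + b"\xff\xda\x00\x02" + b"\x00\xff\xd9"
BAD_LEN = b"\xff\xd8" + b"\xff\xfe\x00\x00" + b"AAAA"
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 16
```

A "well-formed-jpeg" verdict only says the segment layout is sane; keeping the viewer patched is still what closes a decoder bug.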

Offline Elyeh

« Reply #26 on: June 01, 2005, 03:01:28 AM »
Yes and no....
The virus is an exe disguised to look as a .jpg

According to the article it could happen. It says it WOULD be stored as a normal .jpg file.

It seems that it's still speculation. Article never claimed it has actually been done yet..... Just it could happen

As of right now though,  the .jpg is harmless.... it's the code added to it that makes it become a virus.

Not to dispute this, and I agree it's something to watch for.

The only point I was trying to make was that a plain ole .jpg is harmless. I had the feeling that the poster was maybe paranoid to open a .jpg file based on what they read.

I was just letting him know that 99.9% a .jpg is just that....
a data file.

It would be like saying if I open my eyes I'll get blinded.....
Yes and no. It depends what I look at when I open them.

Key points to follow.....
If you don't recognize the sender.... delete the email if it has an attachment.

Look at the properties of the attachment. If you don't recognize it don't open it.

SOA2....... I enjoy these debates,
thanks
« Last Edit: June 01, 2005, 03:07:30 AM by Elyeh »

Offline Clifra Jones

« Reply #27 on: June 01, 2005, 10:16:24 AM »
OK, all this back and forth on the JPG vulnerability misses the whole point of my original post.

99% of attacks are perpetrated against KNOWN vulnerabilities. If you fail to keep your OS up to date you are in danger.

The biggest excuse I hear about why this is not done is, "well, I don't want some patch crashing my system(s)". This is just BS and I hear it from so-called professionals. I have not had an MS update crash any of my systems or cause any real issues in a long, long time.

Offline Eagler

there are worms in jpgs
« Reply #28 on: June 01, 2005, 10:37:21 AM »
this jpg has a bunch of them :)

Offline Clifra Jones

« Reply #29 on: June 01, 2005, 11:38:38 AM »
But those are not worms...