Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Tue Nov 19, 2024 8:55 pm
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: MetaCortechs » MetaCortechs: General/Updates
[LOCKED] [Alert]Can we trust Metacortechs.com?
View previous topicView next topic
Page 2 of 2 [26 Posts]   Goto page: Previous 1, 2
Author Message
bakntime
Unfettered

Joined: 31 Oct 2003
Posts: 462
Location: back in time
ExecNight wrote:
I was gonna infect a .jpg and put it here for an example first then i thought it might get me in trouble..So i am just gonna give a link which you can see it is possible..And this link won't tell you how to do it sorry that would not be legal...

http://www.ananova.com/news/story/sm_607293.html


Yeah, but notice the article says

Quote:

"In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. "


The "infected" JPG on it's own is harmless. You need to already have another program installed that would then associate itself with your JPG files... This program would have to be run by you at some point.

They also say this:

Quote:

But Mr Gullotto says there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.


But I have no idea how that would work. There has to be something executed - and JPG files just don't get executed by current operating systems - they get viewed. I'd like Mr. Gullotto to explain exactly how you could pull that one off...

Anyway, it's not that viruses couldn't be "masked" by a tricky file name, such as imagename.jpg.exe or look.jpg.pif, but I think the real point here is that it's doubtful the guys/gals making this game would go through all that work just to infect some people with a virus. I can think of a dozen easier ways to go about it.

PostPosted: Tue Nov 04, 2003 5:46 pm
Last edited by bakntime on Tue Nov 04, 2003 5:48 pm; edited 1 time in total
 View user's profile
 Back to top 
ExecNight
Greenhorn

Joined: 03 Nov 2003
Posts: 9

 		But Mr Gullotto says there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.

Please read the whole news Exclamation

PostPosted: Tue Nov 04, 2003 5:47 pm
 View user's profile
 Back to top 
Azathoth666
Unfettered

Joined: 09 Oct 2003
Posts: 321
Location: OZ-tralia

 		Exec, I read the whole news.

I am not alarmed... I don;t think you should be either.

It's cool, its all cool. Find your dolphin, man...
Wink Cool
_________________
We don't stop playing because we grow old.
We grow old because we stop playing.

PostPosted: Tue Nov 04, 2003 5:50 pm
 View user's profile
 Back to top 
ExecNight
Greenhorn

Joined: 03 Nov 2003
Posts: 9

 		Oh and please pay attention to when this news was written Wink


Story filed: 17:53 Thursday 13th June 2002

PostPosted: Tue Nov 04, 2003 5:52 pm
 View user's profile
 Back to top 
AnthraX101
Entrenched

Joined: 18 Mar 2003
Posts: 797
ExecNight wrote:
But Mr Gullotto says there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.

Please read the whole news Exclamation


Then Mr. Gullotto does not know how data formats work. There is nothing in the JPEG standard which would allow for the arbitrary execution of code. If no code can be executed (just data rendered) there is no method, through the spec, for inserting a virus.

Feel free to post an "infected" jpg here if it is possible. It would be a huge flaw in modern computing.

AnthraX101

PostPosted: Tue Nov 04, 2003 5:53 pm
Last edited by AnthraX101 on Tue Nov 04, 2003 5:54 pm; edited 1 time in total
 View user's profile
 Back to top 
bakntime
Unfettered

Joined: 31 Oct 2003
Posts: 462
Location: back in time
ExecNight wrote:
But Mr Gullotto says there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.

Please read the whole news Exclamation


Yeah, unfortunately for Mr. Gullotto, no file named .jpg will EVER infect my computer as it is currently configured. I don't care what you "stuff" into it, a JPG file is a JPG file. It's a data file that, on my computer, is setup to be viewed only. If you "stuff" a virus into a JPG file, it STILL has to be "un-stuffed" SOMEHOW... and I can tell you that my current version of Paint ain't gonna do that.

It may be one day possible, but it will requre different software or something. As of right now, as the article says, it's not possible.

I don't know how much this Gullotto guy knows about computers, but double clicking on a JPG file ON IT'S OWN cannot ever infect a computer, unless there is some software that does something more with the JPG file when opened. This would, as I said, require some other program to first be exectued on your computer.

PostPosted: Tue Nov 04, 2003 5:53 pm
 View user's profile
 Back to top 
taniwha
Boot

Joined: 30 Oct 2003
Posts: 40
Worst thread ever.

PostPosted: Tue Nov 04, 2003 5:58 pm
 View user's profile
 Back to top 
Azathoth666
Unfettered

Joined: 09 Oct 2003
Posts: 321
Location: OZ-tralia

 		And the article, as you point out, is from June last year.

Up till this thread, I've never heard of this virus. Sorry kids, it just isnt a threat.

taniwah has nailed it here, I'm afraid...

Laughing
_________________
We don't stop playing because we grow old.
We grow old because we stop playing.

PostPosted: Tue Nov 04, 2003 6:00 pm
 View user's profile
 Back to top 
bakntime
Unfettered

Joined: 31 Oct 2003
Posts: 462
Location: back in time
Azathoth666 wrote:
And the article, as you point out, is from June last year.

Up till this thread, I've never heard of this virus. Sorry kids, it just isnt a threat.


And up until that article, Mr. Gullotto had a job in the computer industry.

Wink

PostPosted: Tue Nov 04, 2003 6:02 pm
 View user's profile
 Back to top 
BrianEnigma
Entrenched


Joined: 05 Oct 2003
Posts: 1199
Location: Pacific Northwest
ExecNight wrote:
But Mr Gullotto says there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.

Please read the whole news Exclamation


But Mr. Gulloto does not back up his claim. I can say: By reading this sentence, you hard drive has now been formatted. Saying it doesn't make it any more true. This article is very old news in the computer security realm. It has been debunked a number of times by independent researchers. This guy is basically trying to get press with a proof-of-concept that is infeasible in the real world. If you read all of the responses, you can see what Symantec has to say about it: http://securityresponse.symantec.com/avcenter/venc/data/w32.perrun.html

"The original data will not successfully extract from .jpeg files if the file C:\Windows\System\Shimgvw.dll does not exist on an infected computer.
The original data will not successfully extract from .txt files if the file C:\Windows\Notepad.exe does not exist on an infected computer."

Unless you are attempting to exploit a flaw in a specific (and badly written) image viewing program with a buffer overrun, you cannot execute code in a jpeg. And even if you used the buffer overrun, you would need to know what Os version and viewer version a person is using and whether it has a flaw (the major image viewing programs have no known flaws). You are going to be safe with images, pictures, and video.

If you are worried about a virus, don't touch an EXE or make good backups of your system and run a virus scanner (if you're not already--then why not???). If you are worried about a distributed-processing client, get yourself a good NAT firewall (you should already have one by now--they're cheap and almost required now with all the new flaws popping up in Windows every week).

PostPosted: Tue Nov 04, 2003 6:02 pm
 View user's profile Visit poster's website
 Back to top 
AnthraX101
Entrenched

Joined: 18 Mar 2003
Posts: 797

 		I think the point has been made. Feel free to PM me for more info.

AnthraX101

EDIT: Also, if you wish to discuss the screensaver issue further, please start a new thread regarding the security of it or use an existing thread. This one has gotten too ugly to continue.

PostPosted: Tue Nov 04, 2003 6:03 pm
 View user's profile
 Back to top 
Display posts from previous:   Sort by:   
Page 2 of 2 [26 Posts]   Goto page: Previous 1, 2
View previous topicView next topic
 Forum index » Archive » Archive: MetaCortechs » MetaCortechs: General/Updates
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group