Re: JPG/GIF Virus now?
Hello Scott,

Sunday, December 21, 2003, 10:15:28 AM, you wrote:

S> Any idea if The Bat would be vulnerable to this??

No, TB! is not vulnerable because it doesn't try to open a file with a graphic extension as a non-graphic file. However, if an external image viewer is used (see the options in the Options|Preferences dialogue), that viewer *may* do that. Many specialised viewers (such as ACDSee, IrfanView) don't do that, AFAIK. Netscape and Mozilla, if they are set as the default image viewer, don't do that either. I have no idea if it's really a case of IE (which can also handle graphic extensions).

--
Cheers!
Stefan

Current version is 2.02.3 CE | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: JPG/GIF Virus now?
* Scott [EMAIL PROTECTED] writes:

> Be careful how you view your JPG and GIF files (from now on)...
> [...]
> Any idea if The Bat would be vulnerable to this??

Take this (non-existent) URL: http://www.example.com/pics/me.jpg

If you visit such a site you'd expect your browser to display the file »me.jpg«. But ...

a) what if »me.jpg« isn't a file but a directory? Your browser will open something like »www.example.com/pics/me.jpg/index.html«

b) what if a file (or directory) »me.jpg« doesn't exist? You'll be redirected to a 404 error page.

Both the »me.jpg/index.html« and the error page *could* contain malicious code.

Thus it appears that The Bat! is not vulnerable against this scenario because it doesn't confuse being a mailreader with being a web browser ... like others do.

Carsten
Re: JPG/GIF Virus now?
On Monday, December 22, 2003, 16:14:16, Carsten Thönges wrote:

> Thus it appears that The Bat! is not vulnerable against this scenario because it doesn't confuse being a mailreader with being a web browser ... like others do.

As far as I've understood, when IE engine encounters an image file, it will try to autodetect what kind of file it is - however, it won't stop at image types, but will check for other types, too, and if it recognizes the file as executable, it will try to run it.

--
Jernej Simoncic, [EMAIL PROTECTED]
http://www2.arnes.si/~sopjsimo/
http://deepthought.ena.si/

There are only two problems with people. One is that they don't think. The other is that they do.
-- McLean's Maxim
Re: JPG/GIF Virus now?
Hello Jernej,

On Mon, 22 Dec 2003 17:38:21 +0100 GMT (22/12/2003, 23:38 +0700 GMT), Jernej Simončič wrote:

>> Thus it appears that The Bat! is not vulnerable
> As far as I've understood, when IE engine

Two different pieces of software.

> encounters an image file, it will try to autodetect what kind of file it is - however, it won't stop at image types, but will check for other types, too, and if it recognizes the file as executable, it will try to run it.

It doesn't here. Maybe it's a setting in IE somewhere under Tools / Security?

--
Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

What to not say to the nice policeman: I thought you had to be in relatively good physical condition to be a police officer.

Message reply created with The Bat! 2.02.3 CE under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM
JPG/GIF Virus now?
Be careful how you view your JPG and GIF files (from now on)...

http://www.vnunet.com/News/1151553

=== Clip ==

Security specialist ISS said contributors to hacker mailing lists have recently been discussing new techniques to bypass firewalls by mislabelling general HTML files as JPEGs.

Steven Darrall, senior consultant at ISS X-Force Security Assessment Services, said the problem is caused by Microsoft's Internet Explorer (IE) web browser automatically opening files labelled with .jpg or .gif extensions. If the file does not contain an image, IE will try and guess the content, Darrall said.

The news could explain the recent increase in the number of spam-like emails that contain JPEG files that do not actually include an image.

=== End Clip ==

Any idea if The Bat would be vulnerable to this??

Scott

Windows 2000
The Bat 2.01.3
Popfile Spam Filter http://popfile.sourceforge.net/
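The mislabelling described in the quoted clip (HTML or other content under a .jpg/.gif name) can be checked for before a file reaches a viewer. The following is an added example, not part of the original thread: a Python check that compares an attachment's extension with its leading bytes. The function names, sample data and the 256-byte inspection window are constructed for this example.

```python
import os

# Leading "magic" bytes of the two image formats named in the thread.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Markers suggesting a content-guessing client might treat the data as HTML.
HTML_HINTS = (b"<html", b"<script", b"<body", b"<!doctype", b"<iframe", b"<head")
SNIFF_WINDOW = 256  # bytes inspected; this example's choice

def classify(filename, data):
    """Compare the claimed image extension with what the bytes actually are."""
    ext = os.path.splitext(filename.lower())[1]
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "not-image-ext"
    if data.startswith(magics):
        return "ok"
    head = data[:SNIFF_WINDOW].lower()
    if any(hint in head for hint in HTML_HINTS):
        return "mislabelled-html"
    if data.startswith(b"MZ"):  # DOS/PE executable header
        return "mislabelled-exe"
    return "mislabelled-unknown"

# Constructed sample attachments (name -> first bytes of content).
SAMPLES = {
    "me.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "photo.jpg": b"<HTML><body><script>/* constructed */</script></body></HTML>",
    "anim.gif": b"GIF89a\x01\x00\x01\x00",
    "card.gif": b"MZ\x90\x00 constructed stub",
    "notes.txt": b"plain text",
}

def find_mislabelled(samples):
    """Return only the files whose image extension does not match their bytes."""
    verdicts = {name: classify(name, data) for name, data in samples.items()}
    return {n: v for n, v in verdicts.items() if v.startswith("mislabelled")}

if __name__ == "__main__":
    for name, verdict in find_mislabelled(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A file that begins with valid image magic and carries markup further in still passes this check, so it only catches wholly mislabelled files like the ones the clip describes.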
Re: JPG/GIF Virus now?
Hello Scott,

On Sun, 21 Dec 2003 02:15:28 -0600 GMT (21/12/2003, 15:15 +0700 GMT), Scott wrote:

> Be careful how you view your JPG and GIF files (from now on)...
> http://www.vnunet.com/News/1151553

I can't reach that page at the moment.

> the problem is caused by Microsoft's Internet Explorer (IE) web browser automatically opening files labelled with .jpg or .gif extensions. If the file does not contain an image, IE will try and guess the content, Darrall said.

Not here. I just renamed an .html file on my computer to .jpg and called it from IE6. What I got was a little square with a red X in it, indicating that the picture could not be displayed. No guessing on IE's side that it might be HTML.

> Any idea if The Bat would be vulnerable to this??

No. If you click on an attachment tag with a .jpg extension, and it is not a JPG file, the viewer will not be able to display the picture, that's all. If you click on the attachment icon, your default viewer will be opened, and that is outside of TB's realm of influence. If JPG files are associated with Irfanview, you simply get an error message about wrong format.

--
Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

What? What the hell is a RFC? I _do_ already use NAV! - Peter Palmreuther on TBUDL.

Message reply created with The Bat! 2.02.3 CE under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM