On 3 Jan 2006 at 9:56, Stephen Bird wrote: > On Tue, 3 Jan 2006 09:39:32 -0500, Bernie Cosell wrote: > > >Correct -- there's no way to know where tinyurl is going to take you > >until after you get there, which might be too late. > > Thanks, Bernie.... and a firewall wouldn't protect the visitor from an > infection?
By and large, that's correct. The file the comes over looks 100% legit, and as been pointed out, can masquerade as a .jpg image, and so it would come in just like every other image on every other web page you visit. > My understanding is that infection can also occur from attachments and that AV > programs are just being developed to identify/protect users. Correct: *ANY means by which you render a graphics image can potentially go hit the problem in the gdi library. BUT: so far, the AV folk are *NOT* winning. This vulnerability can be completely masked and varied, and as fast as they come up with definitions to catch yesterday's versions, there are a dozen new variants they can't catch. > .. I wonder where the > greatest risks lies - visits to web sites which have been > designed/inadvertently > take advantage of the wmf vulnerability or by the transmission/exchange of > infected > attachments. Well, probably the visit to web sites: email attachments are completely inert and *always* require your active intervention before they can do anything. So simply being careful [which you should've been doing all along!!!] will be OK for email attachments. You have essentially no conrol over what your browser does: once you have it open a site, it'll do redirects, grab images, etc all automatically, and there's no way to tell *before* that happens that it is about to [unlike with email, where it waits for you to infect yourself]. /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:[EMAIL PROTECTED] Pearisburg, VA --> Too many people, too few sheep <-- -- ---------------------------------------- To Change your email Address for this list, send the following message: CHANGE WIN-HOME your_old_address your_new_address to: [EMAIL PROTECTED] Note carefully that both old and new addresses are required.
