Isn't it wonderful when you get to see the results of integrating a web browser/file manager into the OS. Now if I so much as open a jpeg file my computer could become open to someone taking control of it.

http://news.zdnet.com/JPEG+exploit+could+beat+antivirus+software/2100-1009_22-5388633.html?part=rss&tag=feed&subj=zdnn

This is totally ridiculous wouldn't you be vulnerable to this bug by simply going to a website that is infected? Yet Microsoft doesn't consider this a high risk threat because of the amount of user interactivity required. Just like this last bug they carried over from SP1 that required the user to drag and drop something from a page onto their desktop, where a piece of code could set itself up to run at boot and potentially own your system without you ever knowing. The funny thing is there are so many games that require such motions that one could easily hide the exploit in a web game and have the user unwittingly install the virus.

Someone needs to make them totally redesign their OS, they need to either forget about this crap Longhorn and rebuild the whole dammned this so that at the very least all install operations require creditials (su) actually freaking USE run as (SU) and stop this stupid practice of defaulting users to administrator access, most users need to have drive mounting access, and the ability to tweak certain system settings like resolution etc. Or rebuild longhorn for security. [Aet the very least make use of Run as.(SU)] This kind of crap needs to stop right now.

As of right now I am trying out OO on windows. I may switch to alieviate part of this problem.

Um, this is an exploit of a jpeg file format vunerability and potentially affects any OS or software, linux included, that read jpeg files. Patches were released some time ago for linux (fedora) and windows :)

Of course, you can bet the first exploits of this vunerability will be aimed at MS though.

Ned

why are you telling me what I already know Ned I don't get your point? I understand full well that this is a Jpeg exploit. Anyway would a yum update take care of any Fedora vulnerability..the original article I read a day or two ago did not say that *nix systems were affected. Perhaps M$ was slow to patch their GDI?

Hi SS,

Just pointing out that it's a vunerability of the jpeg file format and as such is not just a windows problem :)

To answer your question, yes a yum update will patch fedora. The reason you probably didn't read anything about *nix being affected is that the security community, well stories like this anyway, seem to be MS focused. You know the score, MS is security focused atm so lets rip hole in 'em and publicise stories about security flaws that affect MS OSes.

IMHO I don't think it's fair to lay blame as MS's door for this one, although their response to it is up to their usual standard :rolleyes:

Ned

Well I don't know about that since this GDI update is listed as critical and from what you are telling me this vulnerability has been known about for some time..Am I right? As for ripping a hole in M$ I honestly appreciate it since the rest of the media is totally biased in one way or another. Besides Microsoft's responses to these things are never truly adequate anyway, hell they basically told the users to "#### off" in regards to the other exploit I mentioned that they didn't even fix with their oh so wonderful [virus] service pack 2. They need to be ripped a new one, maybe it will make hem do some things right.