Windows PCs face ‘huge’ virus threat


Just a quick heads up for all you folks using Windows-based PCs (probably most of us).

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html


Thanks.




Quote from M$
"That vulnerability is completely theoretical." Microsoft

hahaha


Originally posted by The Plumber
Just a quick heads up for all you folks using Windows-based PCs (probably most of us).

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html
Sh!t, better switch from Norton, then. Poor Gates, first the XBox 360 and now this.

I wonder though, would an image blocker solve this? They are usually meant for ads, but I have one that blocks just about everything. My email agents also block images.


Originally posted by The Plumber
Just a quick heads up for all you folks using Windows-based PCs (probably most of us).

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html
I went to that site and it took one minute and 11 seconds to download
and I have cable modem. Anyone else seeing that much time to
just go to the site?
I see a Russian programmer has come up with a patch already,
before Microsoft. What does that tell you?


This has been public since last year. Also NOD32 will find and deal with this in all its incarnations.


Originally posted by sonhouse
I went to that site and it took one minute and 11 seconds to download
and I have cable modem. Anyone else seeing that much time to
just go to the site?
I see a Russian programmer has come up with a patch already,
before Microsoft. What does that tell you?
Russians are smarter than Microsoft?!


Originally posted by Whats goin on eh
Sh!t, better switch from Norton, then. Poor Gates, first the XBox 360 and now this.

I wonder though, would an image blocker solve this? They are usually meant for ads, but I have one that blocks just about everything. My email agents also block images.
Sounds like it should, if the attack uses images. It makes sense
if you don't allow images to be downloaded it wouldn't be able to
attack.
This must use some variation of the watermark system currently
used to ID commercial images. They are working on stuff that does
the same thing for sound files too. By extension, therefore, the
same problem may exist in the future for sound file downloads also.
I get these email ads that include sound already so there may
be a double jeopardy attack going on too, at least in the future.
Ain't the 21st century grand?


Originally posted by sonhouse
Sounds like it should, if the attack uses images. It makes sense
if you don't allow images to be downloaded it wouldn't be able to
attack.
This must use some variation of the watermark system currently
used to ID commercial images. They are working on stuff that does
the same thing for sound files too. By extension, therefore, the
same problem may ex ...[text shortened]... be a double jeopardy attack going on too, at least in the future.
Ain't the 21st century grand?
shhhh! Don't say that too loudly.


Originally posted by Whats goin on eh
Russians are smarter than Microsoft?!
Hi, you seem to be around still. Thought you were going on a trip.
I got one suggestion about my router problem from my IP.
He said he has a router and it resets every time he turns on his
vacuum cleaner. That presumably would put a nice power pulse
or dip in the power into the router, maybe they are more sensitive
to power spikes than the computer power supply. My guess is, if
that is true it would be because the power supplies for comps
are in the hundreds of watts and therefore have more capacitance
for ripple control than the little wall warts that power the routers.
That seems to be the best suggestion so far, could explain a lot.
So my next trip is to get a small UPS, just for the router and maybe
the cable modem, they can't take more than 50 watts between the
two of them I would think. What do you think?
Thinking a bit further about that spike/surge/drop problem,
I am not sure if a UPS would help.
It only has a switch that cuts in if the power actually disappears
and spike problems would have to have its own electronics, active
or passive, but a separate circuit from a simple power loss
detector.
So there are basically three kinds of power supplies, UPS, Spike or
surge suppressors, and one called "Line Conditioners".
Have to research which one can deal best with the kind of spikes or
drops you get from simple power switching.
I know my kids have a 1500 watt electric heater in their room upstairs
and it is on the same power line as this comp, I know because if
too much stuff goes on like AC's in the summer, it takes out their
room AND this comp so it might be a good bet to put something inline
to eliminate these 'spikes'.


Originally posted by sonhouse
Sounds like it should, if the attack uses images. It makes sense
if you don't allow images to be downloaded it wouldn't be able to
attack.
This must use some variation of the watermark system currently
used to ID commercial images. They are working on stuff that does
the same thing for sound files too. By extension, therefore, the
same problem may ex ...[text shortened]... be a double jeopardy attack going on too, at least in the future.
Ain't the 21st century grand?
The problem is with .wmf files (used for vector-based clipart). This file extension is outdated and therefore Firefox won't display them. However, they can be disguised as .gifs or .jpgs. Also, accessing the infected file in any way will trigger the virus. Viewing it in a browser (IE especially), thumbnailed in a folder or even if Google Desktop archives it will all infect you.

Sonhouse, the exploit is a buffer overflow. The image has embedded instructions which due to a structure issue are run by the computer. These could do anything, from stealing information from your computer to installing other viruses.
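
An added example, not part of the original thread: the post above notes that .wmf files can be disguised as .gifs or .jpgs, so a defender can look at the file header rather than the extension. The header constants are from the WMF format; the function names, extension handling and sample bytes are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic number of the 22-byte "placeable" WMF header

def looks_like_wmf(data):
    """True if the bytes start with a WMF header, whatever the file is called."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 18:  # the standard WMF header is 18 bytes long
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in 16-bit
    # words (always 9), format version (0x0100 or 0x0300).
    mt_type, header_words, version = struct.unpack_from("<HHH", data)
    return mt_type in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def is_disguised_wmf(name, data):
    """WMF content behind any extension other than .wmf (e.g. .gif, .jpg)."""
    ext = os.path.splitext(name)[1].lower()
    return ext != ".wmf" and looks_like_wmf(data)

def scan_tree(root):
    """Walk a directory and return paths whose content is WMF but whose name is not."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(22)  # enough for either header form
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if is_disguised_wmf(fn, head):
                hits.append(path)
    return sorted(hits)

# Constructed sample headers (benign, header bytes only).
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100,
                               1440, 0, 0) + SAMPLE_WMF
SAMPLE_GIF = b"GIF89a" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", SAMPLE_WMF), ("card.gif", SAMPLE_PLACEABLE),
                       ("real.gif", SAMPLE_GIF), ("clip.wmf", SAMPLE_WMF)]:
        print(name, "disguised WMF" if is_disguised_wmf(name, blob) else "ok")
```

A header check like this only flags files for review or quarantine; it says nothing about whether a given WMF carries the exploit.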


Originally posted by XanthosNZ
The problem is with .wmf files (used for vector-based clipart). This file extension is outdated and therefore Firefox won't display them. However, they can be disguised as .gifs or .jpgs. Also, accessing the infected file in any way will trigger the virus. Viewing it in a browser (IE especially), thumbnailed in a folder or even if Google Desktop archives ...[text shortened]... se could do anything, from stealing information from your computer to installing other viruses.
Ah, the old buffer overflow issue. Thought they already dealt with
that one. Newer variation I guess. I killed my AVG to download
NOD32. The thing I didn't like about AVG was the time it takes
to finish. A full hour and a half for my wife's comp. I think the
number of files are up around 175,000 but it still was slower than
when I used Norton.
Do you have any info on the effectiveness of NOD vs AVG?
Are you saying NOD already can detect and defeat this new threat?
Well one year old one if you are correct. If that is true BTW, does
that mean MS was sitting on this hoping no one would notice?
If they actually knew a year ago, it would seem they should have
had a patch out long before now.


Originally posted by sonhouse
Ah, the old buffer overflow issue. Thought they already dealt with
that one. Newer variation I guess. I killed my AVG to download
NOD32. The thing I didn't like about AVG was the time it takes
to finish. A full hour and a half for my wife's comp. I think the
number of files are up around 175,000 but it still was slower than
when I used Norton.
Do you h ...[text shortened]... hey actually knew a year ago, it would seem they should have
had a patch out long before now.
I've been told by people who have tested NOD32 on files with the exploit but no malicious code that it will pick it up. You may need to change the settings to scan image files (as this is the first exploit that uses them so they were considered safe).

When I heard about this exploit (Dec 26th or so, hence last year just) it was considered a zero-day exploit (it had already been used in the wild and is considered urgent) so who knows how long it's been around.


Originally posted by XanthosNZ
I've been told by people who have tested NOD32 on files with the exploit but no malicious code that it will pick it up. You may need to change the settings to scan image files (as this is the first exploit that uses them so they were considered safe).

When I heard about this exploit (Dec 26th or so, hence last year just) it was considered a zero-day exp ...[text shortened]... lready been used in the wild and is considered urgent) so who knows how long it's been around.
So what do you say Xanth? Biff AVG for the NOD32 suite??

skeeter


Originally posted by skeeter
So what do you say Xanth? Biff AVG for the NOD32 suite??

skeeter
I use NOD32 and look how buff my thighs are.


Originally posted by XanthosNZ
I use NOD32 and look how buff my thighs are.
Yeah, well you probably don't have to shave them twice a week. Anyway I'll flick over now to NOD with the free 30 day trial and then see. Thanks for that.

M-