Author Topic: One for the Admins (Read 2262 times)

tweetytek · « **on:** 07 October 2014, 09:28:47 pm »

Was reading this today
http://foc-u.co.uk/index.php/topic,13239.0.html

Not true that images are not harmful... I work for an MoD contractor working in Defence Information and Intelligence (cyber security).
PC based images are complex formats and contain meta data and other parts that are not directly visible when painted onto the display — it is possible to conceal "stuff" within without affecting how the image is displayed on the screen , even when hyperlinked. Venomous data can reside within the image that exploits "back doors" in poor quality image rendering programs - including doors like stacks, buffers, data segment larger than the stated image format type and exception handlers and alike. With skill, a virus writer

can utilise these flaws to infect your machine when you open the image with a certain program. Granted this wont work just displaying the image as Mickvp said, but if one were to click on the image and open it in a certain app, then Bang!! you're infected.
Just thought I'd clear that up for the Admins

mickvp · « **Reply #1 on:** 07 October 2014, 10:29:18 pm »

so in short - not harmful in the format it is being displayed in.

I appreciate what you are saying, and you are right of course - someone could insert malicious information if they were that way motivated. The image in question on that thread had no malicious data on it though (and I know, because I checked the meta data and also the HTML code in which it is embedded).

The truth is, some guys one here have a hard enough time figuring out how to login and post anything (im looking at you Red98

) so rathen than explain anything technical with regards to the interwebz, its best to use small words and just say everything will be OK

The site which had been marked as malicious (memegenerator) has since been moved into the clear list, so that warning does not come up for the very same image now.

Thanks for the heads up though, we will as ever continue to check out these reports as they come in

red98 · « **Reply #2 on:** 08 October 2014, 06:54:09 am »

Quote from: mickvp on 07 October 2014, 10:29:18 pm

so in short - not harmful in the format it is being displayed in.

I appreciate what you are saying, and you are right of course - someone could insert malicious information if they were that way motivated. The image in question on that thread had no malicious data on it though (and I know, because I checked the meta data and also the HTML code in which it is embedded).

The truth is, some guys one here have a hard enough time figuring out how to login and post anything (im looking at you Red98 ) so rathen than explain anything technical with regards to the interwebz, its best to use small words and just say everything will be OK

The site which had been marked as malicious (memegenerator) has since been moved into the clear list, so that warning does not come up for the very same image now.

Thanks for the heads up though, we will as ever continue to check out these reports as they come in

mmmmmmmmmmmm

...and there was silly old me thinking this was a motorcycle forum

...

tweetytek · « **Reply #3 on:** 08 October 2014, 06:56:22 am »

Oh the internet is a place of skulldugerry and cutlesses

ChristoT · « **Reply #4 on:** 08 October 2014, 12:47:16 pm »

Quote from: red98 on 08 October 2014, 06:54:09 am

mmmmmmmmmmmm ...and there was silly old me thinking this was a motorcycle forum ...

You mean this ISN'T flower arranging? Aww shit!

darrsi · « **Reply #5 on:** 30 November 2014, 10:21:59 am »

Quote from: tweetytek on 07 October 2014, 09:28:47 pm

Was reading this today
http://foc-u.co.uk/index.php/topic,13239.0.html

Not true that images are not harmful... I work for an MoD contractor working in Defence Information and Intelligence (cyber security).
PC based images are complex formats and contain meta data and other parts that are not directly visible when painted onto the display — it is possible to conceal "stuff" within without affecting how the image is displayed on the screen , even when hyperlinked. Venomous data can reside within the image that exploits "back doors" in poor quality image rendering programs - including doors like stacks, buffers, data segment larger than the stated image format type and exception handlers and alike. With skill, a virus writer can utilise these flaws to infect your machine when you open the image with a certain program. Granted this wont work just displaying the image as Mickvp said, but if one were to click on the image and open it in a certain app, then Bang!! you're infected.
Just thought I'd clear that up for the Admins

I lost the way after "Not true....."

tweetytek · « **Reply #6 on:** 30 November 2014, 01:24:14 pm »

Why bother posting then? Suppose your post count is +1 up and another for the doubtless response to this.

Jeeeez

Author Topic: One for the Admins (Read 2262 times)

tweetytek

One for the Admins

mickvp

Re: One for the Admins

red98

Re: One for the Admins

tweetytek

Re: One for the Admins

ChristoT

Re: One for the Admins

darrsi

Re: One for the Admins

tweetytek

Re: One for the Admins