> Don't know if this was a hoax or not. It was reported by McAfee,
> supposedly after the technique was discovered by someone else and
> disclosed to them. Others questioned that this would even work, tho'
> McAfee et al. reported it as a proof of concept rather than a real
> threat at this time. The description I saw seemed not to make much
> sense. It seemed to require a Trojan horse being deposited on the
> host machine before the contents of the jpeg could act as a trigger.
> That strikes me as not so very different from other viruses in that
> the operating code had to sneak in first, but it requires an extra
> step to work.
I poked about a bit in McAfee's description, and while it probably isn't a
hoax, it's so badly misreported that it might as well be. What McAfee is
saying is that this could only be a problem if your machine was already
infected with a Trojan Horse type virus, the sequence embedded in the JPEG
file (or whatever, could be any file type) would only be a trigger.
Somehow this seems so stunningly obvious (of course it will work, even on a
Mac !) that I'm amazed McAfee even bothered to mention it. Once a machine
has been compromised, it can be made to do almost anything (including
collecting any credit card numbers you type into 'secure' sites and sending
them to a third party). McAfee's warning is akin to claiming the word
'kill' is deadly because you might have a vicious dog who would respond to
the command. My opinion of McAfee has just dropped even lower (if that's
possible).
Randall
/// triumphs@autox.team.net mailing list
/// To unsubscribe send a plain text message to majordomo@autox.team.net
/// with nothing in it but
///
/// unsubscribe triumphs
///
/// or try http://www.team.net/cgi-bin/majorcool
|