gerhard wrote:
> http://slashdot.org/article.pl?sid=02/06/14/1343223

The author (who is an editor at /.) apparently lacks basic computer security knowledge, makes his conclusions and runs a conspiracy story.

He writes:
> JPEGs are compressed image files that only contain data
> representing an image to be displayed, not code to be executed.

That's true, if the application interpreting (displaying) the image is sane. If that application (or the relevant "library") has a serious security bug, like a buffer overflow, it might be possible to use that bug to let it run code contained in the data section of the image. Such bugs do get discovered occasionally, in fact 2 such bugs have recently been discovered in common image libraries, also shipped with Beonex Communicator 0.8-stable Windows, see my most recent post to the announce mailing list.

So, it is possible to write a virus/worm which propagates itself using image files, if (and only if) you target a library/application/system which is already buggy.

Ben
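As an added example (not part of the original post, and not code from any library it mentions), this C routine shows the kind of bounds check a "sane" image parser performs: it walks a JPEG's header segments and rejects any declared length that does not fit the data actually present. The function name, result codes and sample byte arrays are constructed for illustration; the two library bugs the post refers to are not described there and are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; all names here are this example's own. */
enum { JPEG_OK = 0, JPEG_BAD_SOI = -1, JPEG_TRUNCATED = -2,
       JPEG_BAD_MARKER = -3, JPEG_BAD_LENGTH = -4 };

/* Constructed sample inputs (not real image files). */
static const uint8_t sample_ok[]        = {0xFF,0xD8, 0xFF,0xE0,0x00,0x04,'A','B', 0xFF,0xD9};
static const uint8_t sample_short_len[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9};
static const uint8_t sample_overlong[]  = {0xFF,0xD8, 0xFF,0xFE,0x01,0x00, 'x'};

/* Walk the segments between SOI and SOS/EOI, checking each declared length
 * against the bytes remaining. Invariant: pos <= len, so len - pos never wraps.
 * Standalone markers (RSTn, TEM) are not expected here and not special-cased. */
int jpeg_check_segments(const uint8_t *buf, size_t len, size_t *segments)
{
    size_t pos = 2;
    *segments = 0;
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)
        return JPEG_BAD_SOI;
    for (;;) {
        if (len - pos < 2) return JPEG_TRUNCATED;    /* no room for a marker */
        if (buf[pos] != 0xFF) return JPEG_BAD_MARKER;
        uint8_t marker = buf[pos + 1];
        pos += 2;
        if (marker == 0xD9 || marker == 0xDA)
            return JPEG_OK;                          /* EOI or SOS: headers end */
        if (len - pos < 2) return JPEG_TRUNCATED;    /* no room for length field */
        size_t seg_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The length counts its own two bytes; with a value below 2, a naive
         * unsigned `seg_len - 2` payload size would wrap to a huge number. */
        if (seg_len < 2) return JPEG_BAD_LENGTH;
        /* The file claims more data than it contains. */
        if (seg_len > len - pos) return JPEG_BAD_LENGTH;
        pos += seg_len;
        (*segments)++;
    }
}

int main(void)
{
    size_t n;
    printf("ok:        %d\n", jpeg_check_segments(sample_ok, sizeof sample_ok, &n));
    printf("short len: %d\n", jpeg_check_segments(sample_short_len, sizeof sample_short_len, &n));
    printf("overlong:  %d\n", jpeg_check_segments(sample_overlong, sizeof sample_overlong, &n));
    return 0;
}
```

A parser that copies `seg_len` bytes into a fixed buffer without these two comparisons is the "already buggy" target the post describes.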
