Results 1 to 5 of 5

Thread: IM photos compromise networks

  1. #1
    Junior Member jseymour's Avatar
    Join Date
    Oct 2004
    Location
    Gainesville Florida
    Posts
    41

    IM photos compromise networks

    Security experts are warning users that hackers can use JPEG profile photos on instant messenger to attack networks.

    According to security company WhiteHat UK, hackers can use an exploit in JPEGs which enables them to embed malicious code into profile photos on instant messenger. When a recipient sees the photo on their instant messenger (IM) client, it can cause an exploit code, such as a Trojan or worm, to automatically execute.

    Jason Hart, security director for WhiteHat UK, said: "Potentially, the photos that are sent with instant messenger could be used with the Microsoft JPEG exploits already out there. Essentially you can say it's the same as any JPEG using the IM protocol as a portal to come through."

    IM travels on port 80, which is often regarded as a trusted channel because internet traffic also uses it. Hart said any company using IM that allows JPEGs was open to attack:

    Complete story: silicon.com

  2. #2
    Junior Member elusive's Avatar
    Join Date
    Oct 2004
    Posts
    17
    this nightmare will eventually seep into the mainstream of internet, i'd hate to resort to lynx text-only browsers to keep safe from these destructive hackers. Life really sux in the dark world of DOS-like.......ugh

  3. #3
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    If I'm not mistaken this was discovered because the jpeg exploit was compromised by interring the code within the image on the affected users profile.

  4. #4
    Junior Member jseymour's Avatar
    Join Date
    Oct 2004
    Location
    Gainesville Florida
    Posts
    41
    Yeah, its because of the jpeg flaw, and the assumption that workstations on a network will not be patched as readily as the servers, thus allowing the hacker (correct term in this case is cracker...doing harm) to compromise the network from the inside behind the firewall.

  5. #5
    Junior Member elusive's Avatar
    Join Date
    Oct 2004
    Posts
    17
    i've seen these encryption-jpg applz to send msgs (like digisecret), thought it would be a cool thing til now.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •