On 9 Nov 2001 at 21:40, HackHawk wrote: Date sent: Fri, 09 Nov 2001 21:40:16 -0800 To: <vuln-devat_private> From: HackHawk <hughat_private> Subject: Re: Infected jpeg files? Copies to: <rginskiat_private>, <joveat_private>, J Edgar Hoover <zorchat_private> > This (finding an algorithm flaw) is the most interesting post I've seen > about infecting JPEG images. > > However, I've seen no mention of files on the Macintosh. Isn't it true > that on a Macintosh, you can give an executable file ANY extension you > want? And isn't it also true that you can associate ANY image you want > with your executable file? > > A MAC friend of mine once showed me how he got somebody to open a Mac > Script file because the target thought it was a zipped archive of some > sort. The script setup a special access password on the targets system, > then downloaded and opened the actual archive from somewhere else. > > I spent a few hours attempting to create such a file using Code Warrior on > the MAC a few months back, but due to lack of time gave up the effort. I > was able to name an executable with any extension I wanted (.JPG to be > precise), but I was never able to associate the image I wanted with the > executable file. > > Any MAC people want to correct my belief if it is incorrect? > > - hh Hi all Last week I was troubleshooting a jpeg viewing problem with a number of workstations. What was happening was certain w/station users couldn't view a particular image that had been mailed out for staff information (Xmas card design). It turned out that the image was created on a Mac in Photoshop and was saved as a jpeg in CMYK format. The image itself had extra header information (as opposed to a jpeg saved in RGB format) that IE could not decipher. This problem was only affecting those users who still had IE as the default viewer for jpeg files. Any other image viewer seemed to parse the image and display it OK, except MS paint, which crashed. Resaving the image as a jpeg through an image viewer such as Irfanview removed the offending extra header information and resolved the IE problem (I didn't check MS Paint). IE was tied up in some sort of processing *after* the default 'red cross' icon for a non-viewable image was displayed. I'm no coding guru, but thought that there may be potential there to embed some code in those extra headers to cause IE to process that code. If anyone is interested in playing with this idea, e-mail me off-list and I'll organize to e-mail you both variants of the same file on Monday. *If* this is possible, there are an awful lot of IE browsers still set as the default image viewer for jpegs out there. Cheers, -- Brad Griffin Gryphonn Design Rockhampton QLD, Aust. 4700 ABN: 12 095 821 961 ***************************
This archive was generated by hypermail 2b30 : Sat Nov 10 2001 - 22:25:36 PST