Forum issue: Images
Posted: Wed Jan 11, 2006 12:42 am
Source: http://www.classesofcamelot.com/
Normally I don't put warnings like this up on the news, since it's not really my job and I generally don't know much more than anyone else, but this one is very, very scary...
There's a flaw in Windows (yes, Mac/Linux users, go ahead and start being snide) that allows an image file, when cached and then interacted with in any way (displayed on a web page, indexed by a desktop search program, etc), to more or less take over your computer. Using Firefox makes you only marginally safer; ANY Windows user is vulnerable.
This has been showing up in forums all over the place - any site that allows users to display a signature with images could infect you. I'm working on changing the forums to make sure no one can do this via CoC (there's a good chance I'll disable use of images in signatures and possibly user avatars), but for now, there's a fix out. It's not official, but it's posted by a well-known security guru, so hopefully it's safe. Go to http://grc.com/sn/notes-020.htm to get that.
And of course this is just one more reason to have a good antivirus program and not to visit untrustworthy sites. Unfortunately now untrustworthy may also mean all forums...
Normally I don't put warnings like this up on the news, since it's not really my job and I generally don't know much more than anyone else, but this one is very, very scary...
There's a flaw in Windows (yes, Mac/Linux users, go ahead and start being snide) that allows an image file, when cached and then interacted with in any way (displayed on a web page, indexed by a desktop search program, etc), to more or less take over your computer. Using Firefox makes you only marginally safer; ANY Windows user is vulnerable.
This has been showing up in forums all over the place - any site that allows users to display a signature with images could infect you. I'm working on changing the forums to make sure no one can do this via CoC (there's a good chance I'll disable use of images in signatures and possibly user avatars), but for now, there's a fix out. It's not official, but it's posted by a well-known security guru, so hopefully it's safe. Go to http://grc.com/sn/notes-020.htm to get that.
And of course this is just one more reason to have a good antivirus program and not to visit untrustworthy sites. Unfortunately now untrustworthy may also mean all forums...