Pyramid Schemes Work, Too (9/15/04)
|
|
| |
Well, we were planning on holding off on this until Wildly Off-Topic Microsoft-Bashing Day this Friday, but what the heck-- it's a slow news day and this is just too much fun to pass up. Remember about ten years ago when "regular people" were just starting to get plugged into this new-fangled "Internet" thing, and emailed virus hoaxes preyed mercilessly upon the sad lack of technical understanding that often characterized the boatloads of AOL subscribers disgorged unceremoniously onto the scene? "Don't open any message with a subject line of 'I LOVE CLAMATO,'" they shouted, "or you will be instantaneously infected with a virus that will GIVE YOUR COMPUTER LYME DISEASE!!!" Or "whatever you do, if you're surfing the web and see a picture of Anna Kournikova shucking oysters [there was a big mollusk theme to all these, you recall], run away quickly because your computer will BURST INTO FLAME and BOTH YOUR ARMS WILL FALL OFF!!!" Ah, good times.
See, the more technically-inclined among us knew full well that simply reading an email message couldn't pass along a computer virus, and neither could the act of looking at an image on a web site, whether it depicted tennis stars and bivalves or not. The only way to catch a virus via email was to open an infected document that was sent as an attachment, and the only way to get one from a web site was to download and open a file carrying the bug. Simply reading mail or surfing the 'net was safe as houses-- at least, it was until Microsoft decided to change all the rules.
Sometime in the late '90s, a new crop of viruses did manage to spread themselves all over creation by simply coaxing recipients to read an email message; Microsoft's Outlook mail application apparently rendered embedded HTML and even executed embedded scripts by default, which led to all sorts of fun for Windows users. Suddenly it was that whole "you can't catch a virus by reading an email message" thing that had become the hoax. (Thanks, Redmond!) And guess what? Now you can catch a virus by looking at a picture, too! Woo-hoo!
Well, at least you can if you're running Windows and you haven't patched your system for the sixty-gazillionth time this year yet. Faithful viewer Mike Scherer dished us a CNET article about a buffer overflow vulnerability in Microsoft's core JPEG-rendering code that "could let attackers create an image file that would run a malicious program on a victim's computer as soon as the file is viewed." While no exploits or proof-of-concept examples have yet been spotted on the 'net, security wonks warn that "the potential is very high for an attack," in part because the code that contains the flaw "affects various versions of at least a dozen Microsoft software applications and operating systems," so even if you've patched your copy of Windows, you might be running, say, an unpatched version of Visio on top of it that's still vulnerable to attack.
In the interest of fairness (it's not Friday quite yet, you understand), we should probably mention that even the Mac was susceptible to a similar buffer-based vulnerability (since fixed) that lived in its code for displaying PNG graphics. But PNG isn't ubiquitous like JPEG is, and is used for far fewer pictures of Ms. Kournikova. If nothing else, isn't it a kick in the pants to see how old email hoaxes are coming true? Heck, in five more years, maybe Bill Gates will give us all a thousand bucks and a free copy of Longhorn (assuming it's shipping by then-- burn!!) just for forwarding his email. Why, the future's never looked brighter!
| |
| |
|
SceneLink (4923)
| |
|
And Now For A Word From Our Sponsors |
| | |
|
| |
|
| | The above scene was taken from the 9/15/04 episode: September 15, 2004: Another UK consumer watchdog group is on Apple's case, this time for allegedly overcharging at the iTunes Music Store. Meanwhile, iMac G5s start to arrive (and early testing shows performance to be surprisingly good), and Microsoft's latest security flaw can turn a simple JPEG into a lethal weapon...
Other scenes from that episode: 4921: Not A Vendetta (This Time) (9/15/04) You know, you UK people, we love ya like pancakes, but honestly, can't you tell some of your more uptight countryfolk to unclench and give it a rest, already? Remember, guys, we sympathized completely when it seemed like Apple was out to get you, what with the rampant layoffs and canceled OS localizations and backing out of London Mac trade shows every ten or twelve minutes... 4922: Faster Than You Might Think (9/15/04) Will wonders never cease? Apple said that the iMac G5 would ship in mid-September; well, spin our vowels and call us Vanna, because here we are smack-dab in the middle of the month, and darned if people aren't indeed receiving stock-config iMacs that they preordered shortly after the product's Philnote debut!...
Or view the entire episode as originally broadcast... | | |
|
|