Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Infected jpeg files?

From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Fri, 9 Nov 2001 13:58:56 -0500 
Actually, they finally found one early october 2001.  Primary reference:
http://www.citi.umich.edu/u/provos/stego/abc.html

Phil


-----Original Message-----
From: Bruce Ediger [mailto:eballen1 () qwest net]
Sent: Friday, November 09, 2001 10:31 AM
To: OBrien, Brennan
Cc: vuln-dev () securityfocus com
Subject: RE: Infected jpeg files?


On Thu, 8 Nov 2001, OBrien, Brennan wrote:


Given that images are a major way of transmitting encoded data, it
stands to reason that the hooks could exist  -- that is, it 

could be a

transport mechanism.  However, the viewer itself would have 

to know to

The view that "internet images transmit encoded data" is thoroughly
discredited:  see 
http://www.theregister.co.uk/content/archive/21829.html

Some researchers examined two million images from eBay, and 
found not a
single image containing steganographically encoded data. 
Primary source:
http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf

But that's neither here nor there in the context of whether 
the dopey IE
warning about viruses in images is correct.
Previous By Date Next
Previous By Thread Next

Current thread: