• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

Admin Control Panel

Status
Not open for further replies.

ShelbyDingo

Resident Chimaeric Dingo
I'm reading through this and I think it broke my brain. Then again, I am not a technician.. I just happen to sit on the sidelines, point and laugh.
 

Pi

Member
Yes, I will admit I am not intimately familiar with the exact mechanics regarding how the exploit functioned. But, the key point I was trying to make is still valid: image files do have the potential of causing damage if they are crafted in a specific manner. The WMF exploit has been patched now, but there is the possibility of more similar exploits being discovered and possibly utilized in the future.

Ok, now this is really REALLY the last I'll say of this. We've gotten way off topic here.

You lack fundamental understanding of the format yet you claim to have knowledge of how things work.

Hmm.

The WMF "vulnerability" is unique in that it was designed to work with windows and bear an executable callback in the event that the user cancelled printing. JPEG obviously is not designed with that in mind, nor are any other image formats.

Anyway, what I'm saying here is while you are trying to make a useful point, you are cloaking it in "look it up" when it is clear that you have no idea what the fuck you're talking about. Shut up and go back to whatever it is you're good at, because it isn't computer security.
 
GAH STOP WITH THE TECHINICAL SHTUFF.....*falls over twitching*
 

mukichan

Chibi Chubbeh Draggie
I'm actually glad that admins here actually do their job and do what they can. I've seen people on dA get hacked and I don't see much of anything happen for months.

Go FA admins!! :D *woots and dances around*
 
Said, "doc what's the condition
I'm a man that's on a mission"
Said, "son, you'd better listen
Stuck in your ass
Is an electrician"

~Beastie Boys
 
Huh. Wow. This is normally where I would offer all of my computer power and technical ability to the FA staff to do with as they see fit... but it seems that's not necessary at all. Still, the offer stands if the issue progresses.

Out of curiosity, is this at all related to the retards on DeviantArt that cause said site to now have a warning whenever you click an off-site link?
 

Fiz

shut up bitch
*facepalms* can we stop with the arguing and stuff about jpgs and crap? Its hurting my computer illiterit (and probably spelling) mind.

I do what I want.



http://www.secureworks.com/research/threats/wmf/

So yea the WMF exploit exists but it's been patched for a long time.

However from what I've read about this exploit, it was used to execute remote code, not viruses/malware. The remote code would then issue a command for whatever it was meant to do, which could have been installing malware.

I mean technically, its still not a virus inside of a .jpg, its remote code inside of a ".jpg" which will then do whatever the fuck it was meant to do (possibly trigger a virus).

Whether it was a WMF exploit that effected the forum member in question or if it was something a bit more obvious like whatever.jpg.bin or whatever.jpg.exe is entirely up in the air.

The point still stands that the exploit has been long since patched up and I wouldn't think that it is going to be used much now that it has been patched for several years, so the .jpgs that Mr. Toolbars were uploaded are most likely safe because:

1. Like I said, the exploit has been patched for years.
2. Modern imageviewers check metadata.
3. If the first two failed, the browser you will be using to view the image in will check the metadata itself.
 
Last edited:

ShelbyDingo

Resident Chimaeric Dingo
It's just unfortunate that someone had to do this to get their kicks. *sigh.*

The internet is a sad place sometimes.
 

Aquin

Haunted
Lol only 3 accounts.

Epic fail. Little e-thug who posted this is probably looking for ways around said ban.

Some advice kids: Don't screw with furries, you'll just get raped instead. Raped in the masses!
 

Ainoko

The Wild And Crazy Hybrid
So, if the pictures prove true, then Nek0gami and Tincrash were hit. Who was the third?

I think the third was Ebony Leopard
 

mukichan

Chibi Chubbeh Draggie
I think the third was Ebony Leopard

but wasn't Ebony hacked like... a looooooooooooong time ago? I could have sworn I remembered hearing about that artist getting hacked sometime before Christmas.
 
I do what I want.



http://www.secureworks.com/research/threats/wmf/

So yea the WMF exploit exists but it's been patched for a long time.

However from what I've read about this exploit, it was used to execute remote code, not viruses/malware. The remote code would then issue a command for whatever it was meant to do, which could have been installing malware.

I mean technically, its still not a virus inside of a .jpg, its remote code inside of a ".jpg" which will then do whatever the fuck it was meant to do (possibly trigger a virus).

Whether it was a WMF exploit that effected the forum member in question or if it was something a bit more obvious like whatever.jpg.bin or whatever.jpg.exe is entirely up in the air.

The point still stands that the exploit has been long since patched up and I wouldn't think that it is going to be used much now that it has been patched for several years, so the .jpgs that Mr. Toolbars were uploaded are most likely safe because:

1. Like I said, the exploit has been patched for years.
2. Modern imageviewers check metadata.
3. If the first two failed, the browser you will be using to view the image in will check the metadata itself.

Fine if you want to be a total fucking douche and continue this shit do it. I was trying to say stop in a nice way but now you've gone and been a fucking asshat.
 

TwilightV

HELL YEAH!!!

Eevee

Banned
Banned
(full disclosure: that's probably who this is)
you give him far too much credit good sir

he is too busy with his super-awesome jpeg compression that can fit anything in 2kb anyway



and man can you guys stop reciting slashdot headlines

image metadata doesn't even remotely have anything to do with this, stop saying that :(
 

Fiz

shut up bitch
Fine if you want to be a total fucking douche and continue this shit do it. I was trying to say stop in a nice way but now you've gone and been a fucking asshat.

Let me tell you all about regedit.exe aka registry editor.
 
Status
Not open for further replies.
Top