MP3s Can Attack Windows XP Computers - U2 Feedback

Go Back   U2 Feedback > Lypton Village > Lemonade Stand > Lemonade Stand Archive
Click Here to Login
 
 
Thread Tools Search this Thread Display Modes
 
Old 12-19-2002, 07:20 PM   #1
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
MP3s Can Attack Windows XP Computers

http://www.msnbc.com/news/849418.asp?0cv=CB10&cp1=1

Yep...if you are a Windows XP user and download MP3s, this is very important.

"A newly-discovered flaw in Windows XP puts digital music users at risk, Microsoft Corp. announced Wednesday. A bug in Microsoft’s flagship operating system software allows computer attackers to craft MP3 or WMA music files that give them control of listeners’ computers. Simply browsing to a Web page or folder where such an MP3 file is stored would be enough to invoke the malicious code, and allow an attacker to create, modify, or delete data on the victim’s computer. The flaw was discovered in a research lab by security firm Foundstone Inc. CEO George Kurtz said he believes it’s the first such vulnerability impacting sound file formats.

Digital music files come with attached information, or attributes, which describe the name of the song, the sample rate and other basic file information. An attacker can insert malicious code in that data which causes a “buffer overrun,” causing the computer to surrender control to the attack.

Victims need not be induced to play the infected music file to cause an attack. Because of the way Windows file Explorer reads the attribute information, simply hovering over an infected music file’s icon is enough to cause the buffer overrun. Accessing a folder where the file lives would also invoke the malicious program, as would visiting a Web site where the file is stored.

Only Windows XP users are vulnerable, but users of other operating systems can act as “carriers,” because infected MP3 files will play like normal music files to them. They could unwittingly pass an infected file along to a Windows XP user, who could then be attacked, Kurtz said."

So, considering that most users don't even check Windows Update on their "Start Menu," this is one of those instances where you should. There is a patch for this vulnerability available.

Melon
__________________

__________________
melon is offline  
Old 12-19-2002, 07:33 PM   #2
Blue Crack Distributor
 
LarryMullen's POPAngel's Avatar
 
Join Date: Jun 2001
Location: I'll be up with the sun, I'm not coming down...
Posts: 53,698
Local Time: 02:06 AM

Nice.


__________________

__________________
LarryMullen's POPAngel is offline  
Old 12-19-2002, 07:35 PM   #3
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Re: MP3s Can Attack Windows XP Computers

Quote:
Originally posted by melon
So, considering that most users don't even check Windows Update on their "Start Menu," this is one of those instances where you should. There is a patch for this vulnerability available.
I particularly wish to re-emphasize this statement. There is a fix for this problem, so, please, download it.

Melon
__________________
melon is offline  
Old 12-19-2002, 07:37 PM   #4
Rock n' Roll Doggie
FOB
 
daisybean's Avatar
 
Join Date: Feb 2002
Location: Born under a bad sign with a blue moon in your eyes
Posts: 8,577
Local Time: 02:06 AM


What's the difference between the 32 bit version and the 64 bit version?

Edit to ad..I have my comp set to download critical updates immediately...and it did it this morning...so I am pretty sure I already have it on there...there are no critical updates for me at this time.
__________________
"....But all I ever hear from you is "
daisybean is offline  
Old 12-19-2002, 07:57 PM   #5
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Quote:
Originally posted by daisybean
What's the difference between the 32 bit version and the 64 bit version?
You have the 32-bit version. You'd know if you had the 64-bit version, because you would be geeky enough to have a 64-bit processor, which is, currently, some server-level processors (although AMD has developed a 64-bit processor that is fully backwards compatible with 32-bit computing to be released at a later date).

Melon
__________________
melon is offline  
Old 12-19-2002, 08:36 PM   #6
ONE
love, blood, life
 
Join Date: Aug 2001
Posts: 11,961
Local Time: 02:06 AM
Normal

thanks for the info melon.

*goes off to update
__________________
Screaming Flower is offline  
Old 12-19-2002, 08:43 PM   #7
Blue Crack Addict
 
meegannie's Avatar
 
Join Date: Oct 2001
Location: Norwich, England
Posts: 15,798
Local Time: 07:06 AM
I updated and when I restarted, it removed IE from my desktop and now my computer is running super slow.
__________________
meegannie is offline  
Old 12-19-2002, 08:59 PM   #8
Blue Crack Addict
 
deep's Avatar
 
Join Date: Apr 2002
Location: A far distance down.
Posts: 28,501
Local Time: 11:06 PM
Re: Re: MP3s Can Attack Windows XP Computers

Quote:
Originally posted by melon


I particularly wish to re-emphasize this statement. There is a fix for this problem, so, please, download it.

Melon
i don't trust micro soft or bill gates.

I am keeping my win98 os.

I heard xp had a lot of back door stuff encoded in it.

This may not be an accident, something to track mp3s for the muzak industry.

no xp for me
__________________
deep is offline  
Old 12-19-2002, 11:32 PM   #9
War Child
 
Cow of the Seas's Avatar
 
Join Date: Jan 2001
Location: Njosnavelin
Posts: 834
Local Time: 01:06 AM
well i have xp, and i cant play music for more than 15 minutes without the whole computer freezing while im on the internet.

apparently the audio and modem jack share the same driver?

does that make sense? how stupid is that? anything i can do fix it?
__________________
those evil natured robots
theyre programed to destroy us
she gotta be strong to fight them
so shes taking lots of vitamins
cause she knows that
it be tragic
if those evil robots win
Cow of the Seas is offline  
Old 12-19-2002, 11:43 PM   #10
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Quote:
Originally posted by Cow of the Seas
apparently the audio and modem jack share the same driver?

does that make sense? how stupid is that? anything i can do fix it?
This solution completely depends on how progressive your BIOS is (which is why I refuse to buy packaged computers). Most computers, by default, are running where Windows sets the IRQ settings ("Plug-and-Play OS"). However, depending on your BIOS, you can disable that, and allow your BIOS to allocate resources for your hardware. If at all possible, always let your BIOS assign the IRQs for your hardware. However, not every computer will allow this.

IRQ, at least, is what I think you mean. They don't share the same driver. I once had a problem similar to yours, and this is how I fixed it. In the end, you may simply have to reformat and reinstall.

Melon
__________________
melon is offline  
Old 12-19-2002, 11:46 PM   #11
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Re: Re: Re: MP3s Can Attack Windows XP Computers

Quote:
Originally posted by deep
I am keeping my win98 os.

I heard xp had a lot of back door stuff encoded in it.

This may not be an accident, something to track mp3s for the muzak industry.
There are issues with the GUID in Windows Media Player 8. Unfortunately, WMP isn't limited to Windows XP.

However, Windows 98 is an atrocious OS. I cheered the day I got rid of it. Consider using Windows 2000--has the stable NT core like XP, but without all the privacy worries.

Melon
__________________
melon is offline  
Old 12-19-2002, 11:48 PM   #12
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Quote:
Originally posted by meegannie
I updated and when I restarted, it removed IE from my desktop and now my computer is running super slow.
Assuming you are using Windows XP, you can use "System Restore" in Start-->Accessories-->System Tools to restore your system before you updated. Look for the entry that says, "Windows Update V4" under the correct date.

That is an odd reaction, to say the least.

Melon
__________________
melon is offline  
Old 12-20-2002, 10:42 AM   #13
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 01:06 AM
Quote:
Originally posted by melon
However, Windows 98 is an atrocious OS.
i thought this beared repeating.

i always update my comp when the windows update pops up (sometimes not right away, cuz i always check and it's usually a patch for something i don't use, like windows media player and cuz i hate restarting my computer even though it says i won't have to).
__________________
KhanadaRhodes is offline  
Old 12-20-2002, 10:47 AM   #14
Babyface
 
Silx's Avatar
 
Join Date: Sep 2002
Location: Estonia
Posts: 19
Local Time: 09:06 AM
i have windows 98 too...... And if I ever change it to something else.. then it must be Linux or something...
__________________
Silx is offline  
Old 12-20-2002, 10:49 AM   #15
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 02:06 AM
Quote:
Originally posted by Silx
i have windows 98 too...... And if I ever change it to something else.. then it must be Linux or something...
Mandrake Linux is the most user-friendly of them all, and is fairly popular. Red Hat, however, is the most popular.

Melon
__________________

__________________
melon is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 02:06 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Design, images and all things inclusive copyright © Interference.com