MP3s Can Attack Windows XP Computers

[melon]

http://www.msnbc.com/news/849418.asp?0cv=CB10&cp1=1

Yep...if you are a Windows XP user and download MP3s, this is very important.

"A newly-discovered flaw in Windows XP puts digital music users at risk, Microsoft Corp. announced Wednesday. A bug in Microsoft?s flagship operating system software allows computer attackers to craft MP3 or WMA music files that give them control of listeners? computers. Simply browsing to a Web page or folder where such an MP3 file is stored would be enough to invoke the malicious code, and allow an attacker to create, modify, or delete data on the victim?s computer. The flaw was discovered in a research lab by security firm Foundstone Inc. CEO George Kurtz said he believes it?s the first such vulnerability impacting sound file formats.

Digital music files come with attached information, or attributes, which describe the name of the song, the sample rate and other basic file information. An attacker can insert malicious code in that data which causes a ?buffer overrun,? causing the computer to surrender control to the attack.

Victims need not be induced to play the infected music file to cause an attack. Because of the way Windows file Explorer reads the attribute information, simply hovering over an infected music file?s icon is enough to cause the buffer overrun. Accessing a folder where the file lives would also invoke the malicious program, as would visiting a Web site where the file is stored.

Only Windows XP users are vulnerable, but users of other operating systems can act as ?carriers,? because infected MP3 files will play like normal music files to them. They could unwittingly pass an infected file along to a Windows XP user, who could then be attacked, Kurtz said."

So, considering that most users don't even check Windows Update on their "Start Menu," this is one of those instances where you should. There is a patch for this vulnerability available.

Melon

 

[LarryMullen's POPAngel]

Nice.

 

[melon]

So, considering that most users don't even check Windows Update on their "Start Menu," this is one of those instances where you should. There is a patch for this vulnerability available.

I particularly wish to re-emphasize this statement. There is a fix for this problem, so, please, download it.

Melon

 

[daisybean]

What's the difference between the 32 bit version and the 64 bit version?

Edit to ad..I have my comp set to download critical updates immediately...and it did it this morning...so I am pretty sure I already have it on there...there are no critical updates for me at this time.

 

[melon]

What's the difference between the 32 bit version and the 64 bit version?

You have the 32-bit version. You'd know if you had the 64-bit version, because you would be geeky enough to have a 64-bit processor, which is, currently, some server-level processors (although AMD has developed a 64-bit processor that is fully backwards compatible with 32-bit computing to be released at a later date).

Melon

 

[Screaming Flower]

thanks for the info melon.

*goes off to update

 

[meegannie]

I updated and when I restarted, it removed IE from my desktop and now my computer is running super slow.

 

[deep]

Re: Re: MP3s Can Attack Windows XP Computers

I particularly wish to re-emphasize this statement. There is a fix for this problem, so, please, download it.

Melon

i don't trust micro soft or bill gates.

I am keeping my win98 os.

I heard xp had a lot of back door stuff encoded in it.

This may not be an accident, something to track mp3s for the muzak industry.

no xp for me

 

[Zoomerang96]

well i have xp, and i cant play music for more than 15 minutes without the whole computer freezing while im on the internet.

apparently the audio and modem jack share the same driver?

does that make sense? how stupid is that? anything i can do fix it?

 

[melon]

apparently the audio and modem jack share the same driver?

does that make sense? how stupid is that? anything i can do fix it?

This solution completely depends on how progressive your BIOS is (which is why I refuse to buy packaged computers). Most computers, by default, are running where Windows sets the IRQ settings ("Plug-and-Play OS"). However, depending on your BIOS, you can disable that, and allow your BIOS to allocate resources for your hardware. If at all possible, always let your BIOS assign the IRQs for your hardware. However, not every computer will allow this.

IRQ, at least, is what I think you mean. They don't share the same driver. I once had a problem similar to yours, and this is how I fixed it. In the end, you may simply have to reformat and reinstall.

Melon

 

[melon]

Re: Re: Re: MP3s Can Attack Windows XP Computers

I am keeping my win98 os.

I heard xp had a lot of back door stuff encoded in it.

This may not be an accident, something to track mp3s for the muzak industry.

There are issues with the GUID in Windows Media Player 8. Unfortunately, WMP isn't limited to Windows XP.

However, Windows 98 is an atrocious OS. I cheered the day I got rid of it. Consider using Windows 2000--has the stable NT core like XP, but without all the privacy worries.

Melon

 

[melon]

I updated and when I restarted, it removed IE from my desktop and now my computer is running super slow.

Assuming you are using Windows XP, you can use "System Restore" in Start-->Accessories-->System Tools to restore your system before you updated. Look for the entry that says, "Windows Update V4" under the correct date.

That is an odd reaction, to say the least.

Melon

 

[KhanadaRhodes]

However, Windows 98 is an atrocious OS.

i thought this beared repeating.

i always update my comp when the windows update pops up (sometimes not right away, cuz i always check and it's usually a patch for something i don't use, like windows media player and cuz i hate restarting my computer even though it says i won't have to).

 

[Silx]

i have windows 98 too...... And if I ever change it to something else.. then it must be Linux or something...

 

[melon]

i have windows 98 too...... And if I ever change it to something else.. then it must be Linux or something...

Mandrake Linux is the most user-friendly of them all, and is fairly popular. Red Hat, however, is the most popular.

Melon

 

[ABEL]

I've been thinking about upgrading to Windows XP, but I've been apprehensive about it....this thread makes me wonder if it's worth it

 

[melon]

I've been thinking about upgrading to Windows XP, but I've been apprehensive about it....this thread makes me wonder if it's worth it

Quite frankly, this post is a bit deceptive. There are "critical updates" all the time, and, some of the time, the vulnerabilities affect the other Windows versions--Windows 9x / ME / 2000--and XP is immune to it. Most of the time, however, the vulnerabilities affect all of them. I just posted this one, because MP3s are very ubiquitous, and the risk of "infestation" is potentially very high.

Do I like XP? Quite a bit, but that's because I have a fairly top-of-the-line machine, and XP is the only OS that takes advantage of the resources efficiently enough to increase speed. Not even Windows 2000 did this for me. However, on the flip side, if you have a fairly old computer--Pentium III with less than 128 MB of RAM--avoid XP and consider Windows 2000. Windows 2000 sped up my old Pentium II, which was languishing on Windows 98 for the longest time.

Melon

 

[Screaming Flower]

melon you sure know lots of stuff

thank you to interference's friendly computer guy.

 

[melon]

I've been a computer geek longer than I've been a U2 fan. Considering I'm somewhat suffering from U2 burnout, computers are my main object of interest as of late.

Melon

 

[Zoomerang96]

computers are my main object of interest as of late.

and what about ing?

 

[Sicy]

Windows 2000

 

[ABEL]

*caugh*IhaveafreecopyofwindowsXP*caugh* will it not work if I have a Pentium III? I've got Millenium Edition now

 

[melon]

*caugh*IhaveafreecopyofwindowsXP*caugh* will it not work if I have a Pentium III? I've got Millenium Edition now

Quite frankly, it probably won't work optimally under a Pentium III, but it depends on the MHz on the Pentium III. Is it above 333 MHz? Do you have a decent amount of RAM on the machine? How large is your hard drive? There are several questions in the equation.

Melon

 

[ABEL]

how do i find that out?

Quite frankly, it probably won't work optimally under a Pentium III, but it depends on the MHz on the Pentium III. Is it above 333 MHz? Do you have a decent amount of RAM on the machine? How large is your hard drive? There are several questions in the equation.

Melon

 

[melon]

Re: how do i find that out?

Right click on the "My Computer" icon, and hit "Properties." All the information should be right there, regarding your computer.

As for the hard drive, double-click the "My Computer" icon, and right click on the hard drive (C: ) icon, and hit "Properties." It will tell you the size of your hard drive.

Melon

 

[~fairy_girl~]

thanks for the warning ...

one thing i notice about my XP system, is that it doenst shut down sometimes, so i have to switch it off manually and its fine, no messeage comes up like it used to on my old win 98 system.

maybe its just my pc

oh anothere thing i had trouble convertiong MP3 to WAV the other day too maybe thats just me aswell

thanks anyway, am updating now

 

[ABEL]

Re: Re: how do i find that out?

Right click on the "My Computer" icon, and hit "Properties." All the information should be right there, regarding your computer.

As for the hard drive, double-click the "My Computer" icon, and right click on the hard drive (C: ) icon, and hit "Properties." It will tell you the size of your hard drive.

Melon

Dell Pentium(r) III
120.0MB RAM
13.9GB Free Space


and uh....where do I find how many MHz?