Home page logo

basics logo Security Basics mailing list archives

Re: RE: FAX a virus
From: zenmasterbob123 () gmail com
Date: 7 Mar 2007 15:58:00 -0000


I'm not trying to feed the controversey here.  I just have a question.

Suppose I am Billy Skriptoid, and I have fax software, print to fax in my well-known productivity suite, or a third 
party "make-my-computer-a-fax-machine" plug-in.  Because I am 12 and I read it on the interwebs, I am going to take a 
malformed JPEG and send it to my arch adversary (the kid in my class that likes the same girl I do).  Since I know he 
will receive the fax via his computer and open it using the same well-known productivity suite that I use (because it 
came with the machines when our moms bought them for us), I believe that he will now be subject to the vulnerability 
listed in Microsoft Security Bulletin MS04-028.

If I understand your discussion correctly, this won't work because the image is not sent as a JPEG.  It is imaged in my 
own system, then translated into analog output that is sent through POTS (whether or not the target is using VOIP), 
then received on the other end as analog data which is then re-modulated into digital data and used to create an image 
of the entire page that I faxed and not, as I may have supposed, a document file with seperately formatted components.  
So not only have I not avenged myself against little Timmy down the street, I have endangered my own system because 
mine is the only one in the transaction that actually read the malformed JPEG.  

So, am I following a logical path, or is there some factor which I have neglected?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]