Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: Infected jpeg files?
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Fri, 9 Nov 2001 13:58:56 -0500 
Actually, they finally found one early october 2001.  Primary reference:
http://www.citi.umich.edu/u/provos/stego/abc.html

Phil


-----Original Message-----
From: Bruce Ediger [mailto:eballen1 () qwest net]
Sent: Friday, November 09, 2001 10:31 AM
To: OBrien, Brennan
Cc: vuln-dev () securityfocus com
Subject: RE: Infected jpeg files?


On Thu, 8 Nov 2001, OBrien, Brennan wrote:


Given that images are a major way of transmitting encoded data, it
stands to reason that the hooks could exist  -- that is, it 

could be a

transport mechanism.  However, the viewer itself would have 

to know to

The view that "internet images transmit encoded data" is thoroughly
discredited:  see 
http://www.theregister.co.uk/content/archive/21829.html

Some researchers examined two million images from eBay, and 
found not a
single image containing steganographically encoded data. 
Primary source:
http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf

But that's neither here nor there in the context of whether 
the dopey IE
warning about viruses in images is correct.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]