Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Simson Garfinkel

A View from Simson Garfinkel

The JPEG of Death

Computer hackers have taken some pornographic JPEGs and augmented them with an exploit that uses the JPEG vulnerability that Microsoft recently announced, as reported by Computerworld. The exploit isn’t a virus, but instead turns the compromised computer into a bulk-mail…

  • September 29, 2004

Computer hackers have taken some pornographic JPEGs and augmented them with an exploit that uses the JPEG vulnerability that Microsoft recently announced, as reported by Computerworld. The exploit isn’t a virus, but instead turns the compromised computer into a bulk-mail spam machine, proof once again that the hackers and the spammers have teamed up.

What’s really neat about this exploit is that many people had long expected that the JPEG decompress routines, because of their complexity, almost certainly had to have some kind of buffer overflow in them. But it took literally years for someone to find it…

I went to Windows Update yesterday with a Windows 98 machine — a machine that Microsoft officially doesn’t support anymore. Nevertheless, Microsoft was more than happy to download the JPEG fix to me. Clearly, they are taking this one very seriously.

Once again, this is proof that every Windows machine being used to browse the Internet shoud have automatic updates on by default.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.