"The bottom line: do not worry about JPG viruses, until there is something to be worried about. "
I guess I am just asking: GIFs are really only used on webpages, but JPGs are VERY handy.
Could we not have the ability to view JPGs back - and only "quarantine" GIFs - or is there a real threat somewhere..
* I've switched to Outlook 2003 - and clicking every attachment to see images is a drag (for me anyway). I'd like JPGs to be exempt..
It's not really anything to do with viruses. It is the fact that some spammers use images to check if an email address is valid or not. Once they find out it is, you could get much more spam.
Also, turning off images saves bandwidth.
IMHO I think all emails should be in plain text format - if you want rich text, attach a Word document. This will save bandwidth, prevent HTML based viruses and allow faster retrieval of email. HTML email is one of the reasons we have so many worms - they can be stopped if you block executable attachments (like EXE, VBS, JS and SCR) and use plain text instead.
turning off the internet saves bandwidth too lol ... as I said - I'm a designer - I send images and receive images..
The spamming thing - yes - that is GIF
I'm just wondering why JPG got the same treatment - when according to previous article link - it says they are safe
anyone know what JPGs can do?
Spamming works on JPGs too - in fact any embedded content that is located on a remote server.
What may be a good compromise is if you could leave images off by default, and allow images in emails from people you know (i.e. added to address book, checked allow images checkbox).
so why can I get HTML emails - webpages with images in them (marketing companies)
what differentiates being allowed to view those JPGs, than just sending a JPG in an email and having it displayed? ..like Outlook Express has always done, and why many designers I know who own Office and Outlook still use Outlook Express.
Sorry SBC, but I'm sort of looking for hard proof
Is there a link, an article, that specifically states a vulnerability to sending a LONE JPG attachment in an email..
and if so - is there no way for MS to scan the file to determine it's an exe or whatever - instead of taking away our functionality
(cue SP2 rant..)
It's not the file itself that is the issue. The issue is if the image is embedded in the email (rather than attached), i.e. <img src="http://spammer.com/image.jpg" />. It is the fact that it resides on a remote site and when you download it you tell the spammer that the email they sent was sent to a valid account.
An attached image is not a problem. Perhaps another way of doing this is to just block images with src beginning with "http://" and only allow relative links (or whatever Outlook does to reference attached images).
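The filtering rule suggested in the post above, sketched as an added example (not code from the thread or from Outlook). It assumes inline attachments are referenced with `cid:` URLs (RFC 2392); the sample message, the `?id=42` tracking parameter and the `data-blocked-src` attribute name are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"cid"}  # cid: names a MIME part carried inside the message


def is_remote(src):
    """Default-deny: anything that is not a cid: reference may hit the network.

    Relative URLs are denied too, because a <base href> or a Content-Location
    header can make them resolve to a remote server.
    """
    return urlsplit(src.strip()).scheme.lower() not in ALLOWED_SCHEMES


class ImageBlocker(HTMLParser):
    """Re-emit an HTML body with the src of every remote <img> neutralised."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def _tag(self, tag, attrs, close=""):
        kept = []
        for name, value in attrs:
            if tag == "img" and name == "src" and is_remote(value or ""):
                self.blocked.append(value)
                name = "data-blocked-src"  # hypothetical inert attribute
            kept.append(name if value is None else f'{name}="{html.escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + close + ">")

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def block_remote_images(body):
    """Return (rewritten_html, list_of_blocked_urls)."""
    parser = ImageBlocker()
    parser.feed(body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample: a 1x1 remote image next to an attached one.
SAMPLE = ('<p>Hi</p><img src="http://spammer.com/image.jpg?id=42" width="1" '
          'height="1" /><img src="cid:ad1@designer">')
```

Only `<img src>` is handled here; a real mail client also has to cover other attributes and CSS that can trigger a remote fetch.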
any others with info on why auto displaying attached images could be malicious?
(remember - if it's attached - you've already downloaded it - you just haven't DISPLAYED it.. so it's got nothing to do with bandwidth)
I had no idea about all of these other reasons that you guys have discussed so far about this particular feature, but for me personally, the biggest thing that I like about this feature is the fact that a lot of spam includes images that I just don't want to see, period. And the fact that it defaults to NOT showing images in the messages by default, and allowing me to be able to *choose* whether or not I want to see the images is awesome. It's like one, maybe two mouse-clicks for me to see the images in a message if I determine that the source of the message (and therefore the images in the message) is trusted. I like that more than anything.
It's quite a common practice.. and the fact that they make the images 1x1 px.. it's practically not noticeable...
I too like the fact that it blocks the images out and lets me choose.. it also gives me the option to turn it off completely.
the biggest thing that I like about this feature is the fact that a lot of spam includes images that I just don't want to see, period.
A welcome feature among parents who don't like the idea of spammers sending naughty pictures to their children!
and allowing me to be able to *choose* whether or not I want to see the images is awesome.
True. Finally someone who Read The Manual before complaining.
lars - I've looked everywhere under Outlook 2003 "Options" and see no such option anywhere
Please tell me - if you do indeed know - where the option of "Auto display images in emails" is
I'm pretty sure when you get an email.. and it blocks out the images.. click on the gray bar at the top of the email, right under the "to/from/subject" pane.. and I think there is an option to automatically download images..
I'm not 100% 'cause my Outlook 2k3 is in the office
In my Outlook 2003 I just have to right click on one of the blocked images and there's the settings.
hmm.. not for me - there's no Options or Properties on the right click
also - even if there is a way to turn on images - which I don't think there is - the point is why cannot this be on by default - it is not from a remote http site - it is attached.. why is it blocked and what can a JPG do? * From SBC's post above:
"An attached image is not a problem. Perhaps another way of doing this is to just block images with src beginning with "http://" and only allow relative links (or whatever Outlook does to reference attached images)."
Ohhh I thought you were talking about embedded images in the HTML email.. not attached images.. shoot.. I just usually double click them and then Fireworks pops up
no I was referring to how Outlook Express shows you the images in the email pane.. and Outlook does not.
again - picture receiving an email with 10 sample ads.. in Express I could just scroll down and see them - in Outlook I'd have to click each one to view
so the whole point is:
if a JPG is attached and is not an http:// URL - why is it blocked and not allowed to display like Express does it
can a JPG actually carry a virus
Notice..this is only my thinking.. I am a regular at Defcon.. hear me out..
can a jpg actually carry a virus
Well.. if a JPG were to carry a virus.. one of three things would happen
1) The jpg would be embedded with information that would cause a buffer overflow in the program that is utilizing jpg compression/decompression (only problem with that, is that JPG compression has been around for a while, it's hard to screw up).. THEN.. after that, the jpg would have to inject executable code (inside of itself) onto the call stack.. (which in .net is not possible).. once that happens then the code would "execute"..
2) You could create an executable that "acts" like a jpg file, yet is really an executable.. somehow you'd have to cause execution to happen, which is hard to do if your system automatically sends a jpg image to an image processing program.
3) Like #1, you could exploit jpg decompression and cause an overflow, in just the decompression itself, rather than the host program.. but this falls under the same conditions as #1.
Either way, you'd have to trick the client into believing that the strangely large file size of the image is "normal".. and somehow hijack the system..
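The earlier question about scanning an attachment, and cases 1 to 3 above, come down to checking a file's structure before any decoder sees it. The following is an added example, not code from the thread or from any mail client: it walks the JPEG segment chain without decoding pixels, and all sample byte strings are constructed.

```python
import struct

RST = set(range(0xD0, 0xD8))      # restart markers: no length field
NO_LENGTH = RST | {0x01}          # TEM also has none
IN_SCAN = RST | {0x00}            # FF00 is a stuffed data byte inside scan data


def inspect_jpeg(data):
    """Walk JPEG segment headers without decoding pixels; return (ok, reason)."""
    if data[:2] == b"MZ":
        return False, "executable (MZ) header"
    if data[:2] != b"\xff\xd8":
        return False, "no JPEG SOI marker"
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return False, f"expected marker at offset {pos}"
        marker = data[pos + 1]
        pos += 2
        if marker == 0xFF:            # fill byte: re-read from the second FF
            pos -= 1
            continue
        if marker == 0xD9:            # EOI
            return True, "well-formed segment chain"
        if marker in NO_LENGTH:
            continue
        if pos + 2 > len(data):
            return False, "truncated length field"
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes, so anything below 2 is invalid;
        # a decoder that computes length - 2 without checking would underflow.
        if length < 2:
            return False, f"segment 0x{marker:02X} declares length {length}"
        if pos + length > len(data):
            return False, f"segment 0x{marker:02X} runs past end of file"
        pos += length
        if marker == 0xDA:            # start of scan: skip entropy-coded bytes
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    return False, "no EOI marker"


# Constructed samples (structure only, not displayable images).
GOOD = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9)
        + b"\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9")
BAD_LENGTH = b"\xff\xd8\xff\xfe\x00\x00hi\xff\xd9"   # comment segment, length 0
OVERRUN = b"\xff\xd8\xff\xe1\xff\xffx"               # length larger than file
RENAMED_EXE = b"MZ\x90\x00" + bytes(60)              # executable named .jpg
```

A file that passes this walk can still contain data a particular decoder mishandles, so the check complements a patched decoder rather than replacing it.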