GDI+ JPEG exploit worse than first thought

[rogue_red]

Thanx will give that a go. I already have Hijackthis but couldnt understand the results. Cheers

[Vernon Frazee]

Originally posted by patweb
Oh, and an interesting phenomenon after installing Windows XP SP2.

VNC is having problems connecting to certain computers. ...

Did you create a Windows XP SP2 Firewall Exception for the port that VNC uses?

[Vernon Frazee]

Originally posted by patweb
... It is absolutely CRIMINAL that an out of the box brand new computer is capable of being DISABLED within a minute of being connected to a network. ...

IMHO, like our water and electrical supply, internet access is simply another utility. As such, it should be a filtered to a safe standard before it reaches our homes.

[Vernon Frazee]

Originally posted by rogue_red
Thanx will give that a go. I already have Hijackthis but couldnt understand the results. Cheers

You're Welcome.

[Triple7's]

IMHO, like our water and electrical supply, internet access is simply another utility. As such, it should be a filtered to a safe standard before it reaches our homes

Interesting analogy, though water and electricity doesn't "intentionally" or with "malice" set out to destroy a home appliance, or at least ruin your day.
Of course, it might seem that way to floridians these days

[Welshjim]

So how many people have switched out the old gdiplus.dll with the new? Success or problems?
I have only seen two reports so far
DuaneB (in another thread)--problem, had to do system restore, though not clear what .dll he finally wound up with.
104456--success

[Vernon Frazee]

http://discussions.virtualdr.com/sho...582#post868582

[patweb]

U.S. offers download of new $50 bill
Friday, October 1, 2004 Posted: 9:06 AM EDT (1306 GMT)


WASHINGTON (AP) -- The U.S. government will offer over the Internet low-quality images of its new $50 bill for artists, students and others who discover that their computers, scanners or printers won't allow them to view or copy pictures of the new currency.

Uncle Sam is making sure that computers won't cooperate with would-be counterfeiters -- even as it tries to accommodate consumers who legitimately want or need images of the currency.

The government said it also will consider individual requests for higher-quality images -- such as might be used in commercial art projects.

The low-quality images, suitable for school projects and other uses, will be available free at www.moneyfactory.com, a Web site run by the Bureau of Engraving and Printing. The new $50 bill was introduced this week.

"There is no limit on the ways that people may use images of currency. What we don't want is people whipping currency out of their pockets and making copies," said Eugenie Foster, cash project leader in the Federal Reserve Board's division of reserve bank operations and payment systems.

Making these digital copies is getting harder, thanks to secretive anti-counterfeiting technology built into some popular consumer hardware and software products at the request of government regulators and international bankers.

The technology detects and blocks attempts to view, scan or print copies of the redesigned $20 and $50 bills and, in a pop-up window, urges consumers to visit a Web site, www.rulesforuse.org, to learn about international counterfeit laws.

The technology, known as the Counterfeit Deterrence System, was designed by a consortium of 27 central banks in the United States, England, Japan, Canada and across the European Union, the Central Bank Counterfeit Deterrence Group.

Its broad adoption represents one of the rare occasions when the U.S. technology industry has quietly agreed to requests by government and finance officials to include third-party software code in commercial products. Most companies have never publicly revealed to customers they include such counterfeit protections in products.

Precisely how the technology works is a mystery. The U.S. government keeps its inner workings a closely guarded secret, arguing that disclosing too much information could help counterfeiters circumvent protections.

It also has declined to identify which companies have agreed to add the technology in their products, although Kodak, Xerox, Adobe Systems, Ulead Systems and Hewlett-Packard are among those known to use it. The European Union is considering a proposal to require all software companies to include such anti-counterfeit technology.

"We are very pleased with the amount of cooperation we've gotten," said Foster, who serves as U.S. representative to the international anti-counterfeit group. "Most (companies) have recognized that counterfeit currency is a threat to their customers and the public."

The Federal Reserve earlier this year denied a request and an appeal by The Associated Press under the U.S. Freedom of Information Act to learn some details about the system. The AP, which first revealed the program's existence in January, sought to learn whether the technology surreptitiously tracks consumers who try to copy bills, which U.S. agencies and private vendors built it, and how much it cost.

The reserve's board of governors told the AP it located a stack of papers 52 inches tall about the mysterious technology but agreed to release only 14 pages. It said the other documents represented trade secrets, internal letters or law enforcement procedures that couldn't be disclosed under the information act.

One document obtained by the AP, a 1998 U.S. government business solicitation, mandated that "any color printer must include a tracing system that encodes system identification in any output. This will tie the output to the originating equipment so that forensic identification of the equipment is possible in the event of illegal printing of currency images due to failure or circumvention of the recognition system(s)...."

Other papers turned over to the AP said the anti-counterfeit technology "does not have the capacity to track the use of a personal computer or digital imaging tool."

Foster also said the technology doesn't trace attempts to copy bills.

"The only thing this system does is prevent someone from making a copy of a currency note," she said. "It does not trace or report back any information about the individual."

Foster said the counterfeit protections built into consumer products recognize only the newly redesigned $20 and $50 bills, but upcoming changes to other currencies also will be expected to trigger the system.

http://www.cnn.com/2004/US/10/01/cop....ap/index.html

[Welshjim]

Vernon Frazee--I add your experience to the list of successful installations. So now it is you and 104456 with successful substitutions and DuaneB with a likely unsuccessful substitution of the new gdiplus.dll file from MS in Third Party programs.
I would hope more people would reply.
Still no word from Microsoft Windows Update.

[ttodd]

All of this makes me wonder if I should stick with my ME windows Platform and wait for MS Longhorn in 2006 ??

I mean XP was the system of choice for a lot of you, and i have been waiting to the day when I feel comfortable to make the switch.

there isn't a week that goes by in the past 6 months when another security risk of XP is divulged. I never heard this much bad publicity since ME windows was only on the market for less than a year. I have been using ME windows since Oct 2000 and have never had a serious virus, only had to format once and that was on my own accord to free up a lot of HD space.

But 97% of PC users are windows and the MAC which is supposed to be invulnerable to all of these virus's still sits in the wings..

[SuperSparks]

It's the old story unfortunately, it isn't that XP is any less secure, in fact it's the most secure version of Windows. But anyone who's writing malware is going to target the biggest audience, and that is Windows XP. With ME you are getting "security through obscurity" in that nobody much bothers to target it, and it's just the same with the Mac.

[LotusAstra]

So far, there hasn't been a single Hotfix for XP SP2, whilst previous versions of XP have had 2 in that same period of time.

Don't know how much longer it'll stay update free for, but so far so good. We'll see what happens on the 12 Oct...

Now i know that other windows components have had updates (.NET Framework 1.1 SP1 & Windows Script 5.6), also this GDI related stuff that seems to effect quite a few 3rd party applications like Office and some Photo Programs etc... But at least the OS (and browser) itself has managed to stay all clear for once.

Regards

[frebo]

they are already using the worm on aol im users


http://www.pcworld.com/news/article/0,aid,117481,00.asp

[Dudley]

Vernon Frazee? THE Vernon Frazee from ATNT?

[ttodd]

What is this??? 29 months go by and you are saying what????????????????????????