I think someone is trying to give me a virus with a tif file. I'm curious as to how that's even possible but I swore an oath about not doing security research so I'm gonna have to avoid looking into it
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 03:09:27 JST Foone🏳️⚧️ -
vxo (vxo@digipres.club)'s status on Tuesday, 16-Apr-2024 03:16:19 JST vxo @foone that is interesting. I remember OptiPNG having an overflow, but it was fixed years ago and hopefully doesn't still exist in the wild. CVE-2017-1000229
-
Thorsted (thorsted@digipres.club)'s status on Tuesday, 16-Apr-2024 04:04:27 JST Thorsted @foone I think I jailbroke my old iPhone using code in a TIFF years ago.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 04:11:48 JST Foone🏳️⚧️ @whvholst I'm named Turing, so all my everything is Turing complete
-
Walter van Holst (whvholst@eupolicy.social)'s status on Tuesday, 16-Apr-2024 04:11:49 JST Walter van Holst @foone TIFF is Turing complete...
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 04:22:46 JST Foone🏳️⚧️ okay I grabbed the file on a linux computer and converted it to another format so I could safely* view it.
it's not a hack, they just were doing one of those "your account has been charged 500$ for something, call if you didn't intend this charge" scams.
probably they just did TIFF to avoid some image detection algorithms.
* Assuming no one is spamming Langford Basilisks
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 04:26:01 JST Foone🏳️⚧️ yeah virustotal didn't see any problems with it. it's just a plain TIFF
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 04:32:38 JST Foone🏳️⚧️ anyway I phrased this badly in the first post: I really meant more "how this is SPECIFICALLY possible".
TIFF is one of those formats that's a container for a bunch of sub-encodings, so it has an absolutely massive attack surface
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 04:35:00 JST Foone🏳️⚧️ like a TIFF might contain JPEGs or JBIG or JPEG2000 or MSJPEG or PKZIP or CCITT fax-encodings or weird classic mac things or proprietary scanner formats.
Any one of those little-used formats could have an undiscovered security vulnerability
-
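As an added illustration of the "container for a bunch of sub-encodings" point (this is not part of the thread): a triage sketch that reads each IFD's Compression tag (259) to show which sub-decoder a TIFF would hand its pixel data to, without decoding anything. The `ALLOWED` policy set, the function names and the `SAMPLE` bytes are assumptions constructed for this example.

```python
import struct

# Compression (tag 259) values as listed in TIFF 6.0 and libtiff's tiff.h
CODECS = {1: "none", 2: "CCITT RLE", 3: "CCITT Group 3 fax",
          4: "CCITT Group 4 fax", 5: "LZW", 6: "old-style JPEG",
          7: "JPEG", 8: "Deflate", 32773: "PackBits",
          32809: "ThunderScan", 32946: "Deflate (legacy)",
          34661: "JBIG", 34712: "JPEG 2000"}
ALLOWED = {1, 5, 8, 32773}  # assumed local policy: codecs we accept

def tiff_codecs(data, max_ifds=64):
    """Return each top-level IFD's Compression value (SubIFDs not followed)."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF")
    e = "<" if data[:2] == b"II" else ">"  # byte order from the header
    magic, offset = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("bad magic (BigTIFF is not handled)")
    seen, found = set(), []
    while offset:
        if offset in seen or len(seen) >= max_ifds:
            raise ValueError("IFD loop or too many IFDs")
        seen.add(offset)
        if offset + 2 > len(data):
            raise ValueError("IFD offset out of bounds")
        (count,) = struct.unpack_from(e + "H", data, offset)
        end = offset + 2 + 12 * count  # entries are 12 bytes each
        if end + 4 > len(data):
            raise ValueError("IFD runs past end of file")
        compression = 1  # the spec's default when the tag is absent
        for pos in range(offset + 2, end, 12):
            tag, typ, n = struct.unpack_from(e + "HHI", data, pos)
            if tag == 259 and typ == 3 and n == 1:  # one SHORT, stored inline
                (compression,) = struct.unpack_from(e + "H", data, pos + 8)
        found.append(compression)
        (offset,) = struct.unpack_from(e + "I", data, end)  # next IFD, 0 = last
    return found

def flag_unexpected(data):
    """List (value, codec name) for every IFD whose codec is outside ALLOWED."""
    return [(c, CODECS.get(c, "unknown/proprietary"))
            for c in tiff_codecs(data) if c not in ALLOWED]

# Constructed sample: little-endian file, IFD0 declares JPEG, IFD1 declares JBIG
IFD0 = struct.pack("<HHHIHHI", 1, 259, 3, 1, 7, 0, 26)
IFD1 = struct.pack("<HHHIHHI", 1, 259, 3, 1, 34661, 0, 0)
SAMPLE = b"II" + struct.pack("<HI", 42, 8) + IFD0 + IFD1
```

A mail or upload filter could run a check like this before any image library touches the file and quarantine anything that names a codec it has no reason to accept.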
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 10:52:39 JST Foone🏳️⚧️ @Taffer was that the fun vbs one that had spread on 4chan a long while ago?
-
Taffer :godot: 🇨🇦 (taffer@mastodon.gamedev.place)'s status on Tuesday, 16-Apr-2024 10:52:41 JST Taffer :godot: 🇨🇦 @foone I got one in a PNG once, it was some JavaScript bullshit in HTML dumped into a text chunk.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Tuesday, 16-Apr-2024 12:37:21 JST Foone🏳️⚧️ @Taffer yeah! I was working for 4chan at the time and helped analyze that particular virus so they could auto-block it.
-
Taffer :godot: 🇨🇦 (taffer@mastodon.gamedev.place)'s status on Tuesday, 16-Apr-2024 12:37:22 JST Taffer :godot: 🇨🇦 @foone lol it might have been! I grabbed a huge pile of desktop wallpapers from there back in the day
-