[linux] Best linux tools for removal of windows exploit files on pic CDRs ??

db dbota at att.net
Tue Aug 22 18:00:25 PDT 2006 

Well back to square one. 

I did I test on a jpg file and converted it to a .png file so as to 
rewrap it,  (lose any potential jpg exploit while retaining pic 
quality...) and the file was exactly almost  10 times the size as the 
jpg.  Since I have 5 CDs worth of jpg files (about 2.5 GB's in all), 
converting them would leave me with 25 GB's or 25 CD's worth of pic 
files.  Way too much to deal with storage wise and everywise. 

Sounds like I can just copy and reburn the jpgs on the CD's while on a 
linux machine and that will safely eliminate all non jpg exploits.   I 
still don't however have a feasible work around that will allow me to 
not pass on to potential non-patched windows machine any jpg exploits 
that could exist on the CD's.

Maybe there is no solution for this aspect?   Can anyone suggest any 
other work arounds?
All will be appreciated.  Thanks,

db

Ethan Merritt wrote:
> On Monday 21 August 2006 02:00 pm, you wrote:
>   
>> I could probably do that easy enough using via a batch file conversion,
>> but because jpg is a loessy file type, wouldn't I experience a  loss in
>> picture quality to all my files if I converted/resaved all the files??
>>     
>
> The loss happens when you create a jpeg file.  You don't lose anything
> additional during readout or playback.  So if you convert from a lossy
> format (jpeg) to a loss-less format (png), you are OK.   Of course, the
> png file is bigger than the original jpeg, but that's the price you pay
> for loss-less storage.
>
> 	EAM
>
>   
>> I wouldn't mind losing quality to some infected files or even losing
>> them completely but if that is true I would rather try to avoid across
>> the board quality loss to all the jpg's.  (There are also a smaller
>> number of digital movie files on the CDs but I don't imagine they would
>> be an exploit problem in any case....)
>> db
>>
>> Ethan Merritt wrote:
>>     
>>> On Monday 21 August 2006 12:18 pm, db wrote:
>>>       
>>>> Thanks for the advice to simply use the Linux machine to copy the
>>>> files but it seems to rely on there being no jpg picture file
>>>> exploits.
>>>>         
>>> That was why I suggested that you use the linux machine to convert
>>> the jpg files to something else.  Actually, you could "convert" from
>>> jpeg to another jpeg if you want.  The idea is that any exploit hiding
>>> in the original jpeg file is dependent on specially crafted envelope
>>> information in addition to the picture contents.  The conversion tool
>>> will generate new envelope information for the output image, so even
>>> if the picture contents were the same (but they won't be in the case
>>> of jpeg) it still would no longer be an exploit.
>>>
>>>       
>>>> In
>>>> checking, I see that there are some jpg exploits  ...  admittedly they
>>>> surfaced in 2004   (*Exploit*-MS04-028) and an up to date  windows
>>>> machine has been patched for those but perhaps there are  new
>>>> variants?
>>>>
>>>> I would also prefer not to be possibly circulating a jpg exploit with
>>>> my pics that could compromise somebody's unpatched windows
>>>> computer...
>>>>
>>>> Does anyone have further info on the jpg exploit issue and linux tools
>>>> for culling windoze exploits from files?
>>>>
>>>> Thanks for all the info that's been volunteered ...
>>>>
>>>> db
>>>>
>>>> Chris DeVoney wrote:
>>>>         
>>>>>> From: linux-bounces at mailman1.u.washington.edu
>>>>>> [mailto:linux-bounces at mailman1.u.washington.edu] On Behalf Of
>>>>>> Evan Martin
>>>>>> Sent: Sunday, August 20, 2006 6:34 PM
>>>>>>
>>>>>> Since (AFAIK) there are no exploits for jpegs (anyway, an
>>>>>> exploit would target a particular jpeg decoder, not jpegs
>>>>>> themselves), I'd copy all the images off the CD on a Linux
>>>>>> machine, then burn those to a new CD.
>>>>>>             
>>>>> There was a buffer overflow exploit in Windows (CAN-2004-0200,
>>>>> MS04-028) patched long ago. Like you, I am unaware of any image
>>>>> exploit under Linux and second the motion of mounting the drive, copy
>>>>> off the JPEGs, and reburn. With modest precaution, you could even
>>>>> load the CD under Windows (just hold down that shift key) and copy
>>>>> off the JPEGS.
>>>>>
>>>>> I was looking the reported list and wonder how did some of these get
>>>>> on the CD? The ones mentioned by db are mass-mailer vectored. Since
>>>>> they are not copied automatically when a disk is created, could they
>>>>> have been copied with the images?
>>>>>
>>>>> cdv
>>>>>
>>>>> Chris DeVoney
>>>>> Division of Metabolism, Endocrinology, and Nutrition
>>>>> UW School of Medicine
>>>>>           
>
>

More information about the Linux mailing list