On Fri, Jun 17, 2011 at 7:41 PM, V G <x.solarwind.x@gmail.com> wrote:

> On Fri, Jun 17, 2011 at 7:37 PM, Mark Rages <markrages@gmail.com> wrote:
>
>> But a malicious server can serve any MIME type to a URL ending in
>> .png.  On the web, the extension is not used to determine file type.
>>
>
> You're absolutely right, but no computer that's not a shitty winbloze 98
> machine will automatically execute something off the Internet. It would a=
t
> least need to be through a plugin of some sort which would at least warn =
you
> first.
>

I agree that certain holes can be taken advantage of (specifically, I am
reminded of the early iPhone jailbreak exploits which used an image/buffer
overrun technique to execute code on the client), but those are very rare,
obscure, and specific to the target. Also, Apple's proprietary crappy code
was to blame. This rarely happens or is patched extremely quickly on popula=
r
open source software such as Firefox.

Honestly, I do a LOT of risky things on my winbloze box, but I have a solid
web browser and good anti virus and I've never had problems of any sort.
--=20
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.