Bitcoin Forum

Other => Meta => Topic started by: conspirosphere.tk on April 28, 2012, 05:06:09 PM



Title: Chrome malware warning
Post by: conspirosphere.tk on April 28, 2012, 05:06:09 PM
Wonder why today I am getting this while browsing the forum?
http://i49.tinypic.com/2drhnon.jpg


Title: Re: Chrome malware warning
Post by: terrytibbs on April 28, 2012, 07:55:59 PM
It's ineededausername's avatar. It looks like the site has been compromised or something.

Quote
<td valign="top" width="16%" rowspan="2" style="overflow: hidden;" class="poster_info">
   <b><a href="https://bitcointalk.org/index.php?action=profile;u=40007" title="View the profile of ineededausername">ineededausername</a></b>
   <div class="smalltext">
      [...]
      <div style="overflow: auto; width: 100%;"><img src="http://www.mstrum.com/onmywaytokorea/wp-content/uploads/2009/07/north-korean-propaganda-other-7.jpg" width="120" height="80" alt="" class="avatar" border="0"></div><br>
      Defender of the motherland... I mean Bitcoin
      [...]
   </div>
</td>

On a related note, Jesus Christ this forum needs new software.


Title: Re: Chrome malware warning
Post by: BadBear on April 28, 2012, 08:55:03 PM
It might be best to require all avatars to be locally hosted on the forums, it would stop this and the people who have 1.3 MB avatars (same guy i think). 


Title: Re: Chrome malware warning
Post by: theymos on April 29, 2012, 01:52:21 AM
I changed it so avatars given as URLs are downloaded, resized, and hosted by the forum. This will only apply to future avatars.


Title: Re: Chrome malware warning
Post by: rjk on April 29, 2012, 01:56:27 AM
I changed it so avatars given as URLs are downloaded, resized, and hosted by the forum. This will only apply to future avatars.
I like this, although I suspect that the people using dynamic avatars from Bitminter et al won't. I wonder if it is possible to "whitelist" those. Also, I doubt the resizer will handle gifs, will it? Not that I care lol.


Title: Re: Chrome malware warning
Post by: theymos on April 29, 2012, 02:02:18 AM
I like this, although I suspect that the people using dynamic avatars from Bitminter et al won't. I wonder if it is possible to "whitelist" those. Also, I doubt the resizer will handle gifs, will it? Not that I care lol.

I'll see how many people complain. Those dynamic images seem unnecessary, though I guess whitelisting could be done if absolutely necessary.

Animated GIFs do not retain their animation when resized. I think you can still upload them if they're already correctly-sized.


Title: Re: Chrome malware warning
Post by: Remember remember the 5th of November on April 30, 2012, 07:04:52 AM
And another good deed done.


Title: Re: Chrome malware warning
Post by: Red Emerald on April 30, 2012, 09:43:07 PM
One more thing to make sure my forum handles properly.


Title: Re: Chrome malware warning
Post by: ineededausername on April 30, 2012, 11:18:17 PM
derp, I'll go change it


Title: Re: Chrome malware warning
Post by: theymos on April 30, 2012, 11:20:31 PM
derp, I'll go change it

I already fixed it for you by uploading it to bitcointalk.org.


Title: Re: Chrome malware warning
Post by: Remember remember the 5th of November on May 01, 2012, 04:12:03 AM
derp, I'll go change it

I already fixed it for you by uploading it to bitcointalk.org.
But what if the image was infected.


Title: Re: Chrome malware warning
Post by: rjk on May 01, 2012, 01:47:55 PM
derp, I'll go change it

I already fixed it for you by uploading it to bitcointalk.org.
But what if the image was infected.
Oh noes, virisses be infectin mah jaypegs.


Title: Re: Chrome malware warning
Post by: Red Emerald on May 01, 2012, 07:28:38 PM
derp, I'll go change it

I already fixed it for you by uploading it to bitcointalk.org.
But what if the image was infected.
Oh noes, virisses be infectin mah jaypegs.
I know there has been arbitrary code executed by PNGs.  That's how one of the iphone jailbreaks worked (after the TIF and then PDF exploits that worked similarly IIRC).

I'm pretty sure resizing the image would kill any malicious behavior (if any at all).


Title: Re: Chrome malware warning
Post by: mcorlett on May 12, 2012, 07:49:35 PM
I changed it so avatars given as URLs are downloaded, resized, and hosted by the forum. This will only apply to future avatars.
What are the specific constraints (in pixels, please)?


Title: Re: Chrome malware warning
Post by: theymos on May 12, 2012, 07:54:14 PM
What are the specific constraints (in pixels, please)?

120px × 80px