Probable security breech - how do I fix it?

Hi

Using Vista 64 bit Home Premium, MSE, and Spybot,

Yesterday I posted a pic on an eBay forum using this code

<a href="http://tinypic.com" target="_blank"><img
src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
hosting by TinyPic"></a>

(The only things changed above are some image IDs.)

I used this particular image format because the other three I tried resulted
only in "link" with an underscore, and this one produced an image.

About an hour after posting the pic, I noticed that you could click on the
image in the eBay forum post, and it would take you to the image host site.
Once there, another window with a "browse" button allowed you to go directly
into the files on my computer! I had the eBay post containing the image
deleted, but it may haves been too late--about 2 hours after the image was
posted. I deleted the image on my computer that used the filename that was
uploaded, but I still have the original image from my camera on my computer.
I haven't been able to delete the image at the image hosting site. I don't
have an account set up there, so there's no password protection.

What should I do now?

RESENT--Original got trashed in MS server

"popalong" <> wrote in message
news:90DDC55A-6D6B-4702-A984-...
> Hi
>
> Using Vista 64 bit Home Premium, MSE, and Spybot,
>
> Yesterday I posted a pic on an eBay forum using this code
>
> <a href="http://tinypic.com" target="_blank"><img
> src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
> hosting by TinyPic"></a>
>
> (The only things changed above are some image IDs.)
>
> I used this particular image format because the other three I tried
> resulted only in "link" with an underscore, and this one produced an
> image.
>
> About an hour after posting the pic, I noticed that you could click on the
> image in the eBay forum post, and it would take you to the image host
> site. Once there, another window with a "browse" button allowed you to go
> directly into the files on my computer! I had the eBay post containing
> the image deleted, but it may haves been too late--about 2 hours after the
> image was posted. I deleted the image on my computer that used the
> filename that was uploaded, but I still have the original image from my
> camera on my computer. I haven't been able to delete the image at the
> image hosting site. I don't have an account set up there, so there's no
> password protection.
>
> What should I do now?

popalong wrote:


> Using Vista 64 bit Home Premium, MSE, and Spybot,
>
> Yesterday I posted a pic on an eBay forum using this code
>
> <a href="http://tinypic.com" target="_blank"><img
> src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
> hosting by TinyPic"></a>
>
> (The only things changed above are some image IDs.)
>
> I used this particular image format because the other three I tried
> resulted only in "link" with an underscore, and this one produced an
> image.
>
> About an hour after posting the pic, I noticed that you could click on the
> image in the eBay forum post, and it would take you to the image host
> site. Once there, another window with a "browse" button allowed you to go
> directly
> into the files on my computer! I had the eBay post containing the image
> deleted, but it may haves been too late--about 2 hours after the image was
> posted. I deleted the image on my computer that used the filename that
> was uploaded, but I still have the original image from my camera on my
> computer.
> I haven't been able to delete the image at the image hosting site. I
> don't have an account set up there, so there's no password protection.
>
> What should I do now?

Contact the unnamed image hosting company for an explanation. I wouldn't
worry about your own security. You're using a firewall and there is nothing
inherently evil about your own image file. No need to panic and go deleting
it from your hard drive and camera.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

The image hosting service is tinypic.com. The window that I referred to
previously, that appears when the user clicks on the posted photo is
actually a dialog box. The browse button I referred to is to select images
from my HDD for uploading to the image host. The photo that I uploaded and
posted in the eBay forum came from my desktop--not from my picture folder.
And when I clicked on the browse button, I had access to the entire contents
of the HDD, not just the picture folder.

If you're confident that my firewall will prevent a different computer from
entering my computer, using the above scenario, then I won't worry about
this, and won't pursue it any further. Also please advise me if it's okay
to upload images from my desktop, or if I should be using a public pictures
folder for this.

Please let me know ASAP.
Thanks

"Malke" <> wrote in message
news:...
> popalong wrote:
>
>
>> Using Vista 64 bit Home Premium, MSE, and Spybot,
>>
>> Yesterday I posted a pic on an eBay forum using this code
>>
>> <a href="http://tinypic.com" target="_blank"><img
>> src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
>> hosting by TinyPic"></a>
>>
>> (The only things changed above are some image IDs.)
>>
>> I used this particular image format because the other three I tried
>> resulted only in "link" with an underscore, and this one produced an
>> image.
>>
>> About an hour after posting the pic, I noticed that you could click on
>> the
>> image in the eBay forum post, and it would take you to the image host
>> site. Once there, another window with a "browse" button allowed you to go
>> directly
>> into the files on my computer! I had the eBay post containing the image
>> deleted, but it may haves been too late--about 2 hours after the image
>> was
>> posted. I deleted the image on my computer that used the filename that
>> was uploaded, but I still have the original image from my camera on my
>> computer.
>> I haven't been able to delete the image at the image hosting site. I
>> don't have an account set up there, so there's no password protection.
>>
>> What should I do now?
>
> Contact the unnamed image hosting company for an explanation. I wouldn't
> worry about your own security. You're using a firewall and there is
> nothing
> inherently evil about your own image file. No need to panic and go
> deleting
> it from your hard drive and camera.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>

On Wed, 14 Oct 2009 06:15:37 -0700, popalong wrote:

> The image hosting service is tinypic.com. The window that I referred to
> previously, that appears when the user clicks on the posted photo is
> actually a dialog box. The browse button I referred to is to select images
> from my HDD for uploading to the image host. The photo that I uploaded and
> posted in the eBay forum came from my desktop--not from my picture folder.
> And when I clicked on the browse button, I had access to the entire contents
> of the HDD, not just the picture folder.
>
> If you're confident that my firewall will prevent a different computer from
> entering my computer, using the above scenario, then I won't worry about
> this, and won't pursue it any further. Also please advise me if it's okay
> to upload images from my desktop, or if I should be using a public pictures
> folder for this.

You're getting all freaked out over nothing here and Malke's explanation
isn't doing much good. This has nothing at all to do with your firewall,
nor can someone from another computer browse your hard drive using the
upload control on that page.

When you click on the browse button from your computer, it does in fact
allow you to browse your computer, that's the point of the control. When
someone on another computer, either inside or outside of your network
clicks on the same control on the same web page, it lets them browse the
contents of *their* computer. There is no connection between what you
uploaded, that browse control, and access to your computer.

As I said, you're getting all freaked out over nothing.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca

sort of like...
file:///c:/windows



--
Windows 7 RC
http://get.live.com/wlmail/overview
http://download.live.com/wlmail

"Paul Adare" <> wrote in message
news:71fimenj5qn1$.1kaxr0vpyo1wd$... .
> On Wed, 14 Oct 2009 06:15:37 -0700, popalong wrote:
>
>> The image hosting service is tinypic.com. The window that I referred to
>> previously, that appears when the user clicks on the posted photo is
>> actually a dialog box. The browse button I referred to is to select
>> images
>> from my HDD for uploading to the image host. The photo that I uploaded
>> and
>> posted in the eBay forum came from my desktop--not from my picture
>> folder.
>> And when I clicked on the browse button, I had access to the entire
>> contents
>> of the HDD, not just the picture folder.
>>
>> If you're confident that my firewall will prevent a different computer
>> from
>> entering my computer, using the above scenario, then I won't worry about
>> this, and won't pursue it any further. Also please advise me if it's
>> okay
>> to upload images from my desktop, or if I should be using a public
>> pictures
>> folder for this.
>
> You're getting all freaked out over nothing here and Malke's explanation
> isn't doing much good. This has nothing at all to do with your firewall,
> nor can someone from another computer browse your hard drive using the
> upload control on that page.
>
> When you click on the browse button from your computer, it does in fact
> allow you to browse your computer, that's the point of the control. When
> someone on another computer, either inside or outside of your network
> clicks on the same control on the same web page, it lets them browse the
> contents of *their* computer. There is no connection between what you
> uploaded, that browse control, and access to your computer.
>
> As I said, you're getting all freaked out over nothing.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca

On Wed, 14 Oct 2009 06:15:37 -0700, "popalong" <>
wrote:

>The image hosting service is tinypic.com. The window that I referred to
>previously, that appears when the user clicks on the posted photo is
>actually a dialog box. The browse button I referred to is to select images
>from my HDD for uploading to the image host. The photo that I uploaded and
>posted in the eBay forum came from my desktop--not from my picture folder.
>And when I clicked on the browse button, I had access to the entire contents
>of the HDD, not just the picture folder.
>
>If you're confident that my firewall will prevent a different computer from
>entering my computer, using the above scenario, then I won't worry about
>this, and won't pursue it any further. Also please advise me if it's okay
>to upload images from my desktop, or if I should be using a public pictures
>folder for this.

NOBODY can say what will happen , it`s up to you to decide what you
wish .


>
>Please let me know ASAP.
>Thanks
>
>"Malke" <> wrote in message
>news:...
>> popalong wrote:
>>
>>
>>> Using Vista 64 bit Home Premium, MSE, and Spybot,
>>>
>>> Yesterday I posted a pic on an eBay forum using this code
>>>
>>> <a href="http://tinypic.com" target="_blank"><img
>>> src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
>>> hosting by TinyPic"></a>
>>>
>>> (The only things changed above are some image IDs.)
>>>
>>> I used this particular image format because the other three I tried
>>> resulted only in "link" with an underscore, and this one produced an
>>> image.
>>>
>>> About an hour after posting the pic, I noticed that you could click on
>>> the
>>> image in the eBay forum post, and it would take you to the image host
>>> site. Once there, another window with a "browse" button allowed you to go
>>> directly
>>> into the files on my computer! I had the eBay post containing the image
>>> deleted, but it may haves been too late--about 2 hours after the image
>>> was
>>> posted. I deleted the image on my computer that used the filename that
>>> was uploaded, but I still have the original image from my camera on my
>>> computer.
>>> I haven't been able to delete the image at the image hosting site. I
>>> don't have an account set up there, so there's no password protection.
>>>
>>> What should I do now?
>>
>> Contact the unnamed image hosting company for an explanation. I wouldn't
>> worry about your own security. You're using a firewall and there is
>> nothing
>> inherently evil about your own image file. No need to panic and go
>> deleting
>> it from your hard drive and camera.
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers - Don't Panic!
>> http://www.elephantboycomputers.com/#FAQ
>>

Exactly!

"Dave" <> wrote in message
news:...
> sort of like...
> file:///c:/windows
>
>
>
> --
> Windows 7 RC
> http://get.live.com/wlmail/overview
> http://download.live.com/wlmail
>
> "Paul Adare" <> wrote in message
> news:71fimenj5qn1$.1kaxr0vpyo1wd$... .
>> On Wed, 14 Oct 2009 06:15:37 -0700, popalong wrote:
>>
>>> The image hosting service is tinypic.com. The window that I referred to
>>> previously, that appears when the user clicks on the posted photo is
>>> actually a dialog box. The browse button I referred to is to select
>>> images
>>> from my HDD for uploading to the image host. The photo that I uploaded
>>> and
>>> posted in the eBay forum came from my desktop--not from my picture
>>> folder.
>>> And when I clicked on the browse button, I had access to the entire
>>> contents
>>> of the HDD, not just the picture folder.
>>>
>>> If you're confident that my firewall will prevent a different computer
>>> from
>>> entering my computer, using the above scenario, then I won't worry about
>>> this, and won't pursue it any further. Also please advise me if it's
>>> okay
>>> to upload images from my desktop, or if I should be using a public
>>> pictures
>>> folder for this.
>>
>> You're getting all freaked out over nothing here and Malke's explanation
>> isn't doing much good. This has nothing at all to do with your firewall,
>> nor can someone from another computer browse your hard drive using the
>> upload control on that page.
>>
>> When you click on the browse button from your computer, it does in fact
>> allow you to browse your computer, that's the point of the control. When
>> someone on another computer, either inside or outside of your network
>> clicks on the same control on the same web page, it lets them browse the
>> contents of *their* computer. There is no connection between what you
>> uploaded, that browse control, and access to your computer.
>>
>> As I said, you're getting all freaked out over nothing.
>>
>> --
>> Paul Adare
>> MVP - Identity Lifecycle Manager
>> http://www.identit.ca
>

popalong wrote:

> The image hosting service is tinypic.com. The window that I referred to
> previously, that appears when the user clicks on the posted photo is
> actually a dialog box. The browse button I referred to is to select
> images
> from my HDD for uploading to the image host. The photo that I uploaded
> and posted in the eBay forum came from my desktop--not from my picture
> folder. And when I clicked on the browse button, I had access to the
> entire contents of the HDD, not just the picture folder.
>
> If you're confident that my firewall will prevent a different computer
> from entering my computer, using the above scenario, then I won't worry
> about
> this, and won't pursue it any further. Also please advise me if it's okay
> to upload images from my desktop, or if I should be using a public
> pictures folder for this.

No, you're misunderstanding things. Of course when you go to upload
something you're given a browse button that shows your hard drive. You're
being given the opportunity to navigate to a file somewhere on your hard
drive to select for uploading. It doesn't matter whether the file is in your
Public folder, your user's Pictures folder, or wherever. It's how uploading
*works*. It doesn't mean someone from the outside is watching you do this.

As far as your firewall goes, all I meant by that was that you seem to have
the normal protection of your system. Because you uploaded a picture to an
image hosting site doesn't mean someone from the outside can get into your
computer. I really think you're fretting over nothing because you've not
really understood the uploading process and what you saw.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Thanks! I'll stop worrying. The issue is settled.

"Malke" <> wrote in message
news:...
> popalong wrote:
>
>> The image hosting service is tinypic.com. The window that I referred to
>> previously, that appears when the user clicks on the posted photo is
>> actually a dialog box. The browse button I referred to is to select
>> images
>> from my HDD for uploading to the image host. The photo that I uploaded
>> and posted in the eBay forum came from my desktop--not from my picture
>> folder. And when I clicked on the browse button, I had access to the
>> entire contents of the HDD, not just the picture folder.
>>
>> If you're confident that my firewall will prevent a different computer
>> from entering my computer, using the above scenario, then I won't worry
>> about
>> this, and won't pursue it any further. Also please advise me if it's
>> okay
>> to upload images from my desktop, or if I should be using a public
>> pictures folder for this.
>
> No, you're misunderstanding things. Of course when you go to upload
> something you're given a browse button that shows your hard drive. You're
> being given the opportunity to navigate to a file somewhere on your hard
> drive to select for uploading. It doesn't matter whether the file is in
> your
> Public folder, your user's Pictures folder, or wherever. It's how
> uploading
> *works*. It doesn't mean someone from the outside is watching you do this.
>
> As far as your firewall goes, all I meant by that was that you seem to
> have
> the normal protection of your system. Because you uploaded a picture to an
> image hosting site doesn't mean someone from the outside can get into your
> computer. I really think you're fretting over nothing because you've not
> really understood the uploading process and what you saw.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>