Probable security breech - how do I fix it?

Discussion in 'Windows Vista Security' started by popalong, Oct 13, 2009.

  1. popalong

    popalong Guest

    Hi

    Using Vista 64 bit Home Premium, MSE, and Spybot,

    Yesterday I posted a pic on an eBay forum using this code

    <a href="http://tinypic.com" target="_blank"><img
    src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
    hosting by TinyPic"></a>

    (The only things changed above are some image IDs.)

    I used this particular image format because the other three I tried resulted
    only in "link" with an underscore, and this one produced an image.

    About an hour after posting the pic, I noticed that you could click on the
    image in the eBay forum post, and it would take you to the image host site.
    Once there, another window with a "browse" button allowed you to go directly
    into the files on my computer! I had the eBay post containing the image
    deleted, but it may haves been too late--about 2 hours after the image was
    posted. I deleted the image on my computer that used the filename that was
    uploaded, but I still have the original image from my camera on my computer.
    I haven't been able to delete the image at the image hosting site. I don't
    have an account set up there, so there's no password protection.

    What should I do now?
     
    popalong, Oct 13, 2009
    #1
    1. Advertisements

  2. popalong

    popalong Guest

    RESENT--Original got trashed in MS server
     
    popalong, Oct 13, 2009
    #2
    1. Advertisements

  3. popalong

    Malke Guest

    popalong wrote:

    Contact the unnamed image hosting company for an explanation. I wouldn't
    worry about your own security. You're using a firewall and there is nothing
    inherently evil about your own image file. No need to panic and go deleting
    it from your hard drive and camera.

    Malke
     
    Malke, Oct 14, 2009
    #3
  4. popalong

    popalong Guest

    The image hosting service is tinypic.com. The window that I referred to
    previously, that appears when the user clicks on the posted photo is
    actually a dialog box. The browse button I referred to is to select images
    from my HDD for uploading to the image host. The photo that I uploaded and
    posted in the eBay forum came from my desktop--not from my picture folder.
    And when I clicked on the browse button, I had access to the entire contents
    of the HDD, not just the picture folder.

    If you're confident that my firewall will prevent a different computer from
    entering my computer, using the above scenario, then I won't worry about
    this, and won't pursue it any further. Also please advise me if it's okay
    to upload images from my desktop, or if I should be using a public pictures
    folder for this.

    Please let me know ASAP.
    Thanks
     
    popalong, Oct 14, 2009
    #4
  5. popalong

    Paul Adare Guest

    You're getting all freaked out over nothing here and Malke's explanation
    isn't doing much good. This has nothing at all to do with your firewall,
    nor can someone from another computer browse your hard drive using the
    upload control on that page.

    When you click on the browse button from your computer, it does in fact
    allow you to browse your computer, that's the point of the control. When
    someone on another computer, either inside or outside of your network
    clicks on the same control on the same web page, it lets them browse the
    contents of *their* computer. There is no connection between what you
    uploaded, that browse control, and access to your computer.

    As I said, you're getting all freaked out over nothing.
     
    Paul Adare, Oct 14, 2009
    #5
  6. popalong

    Dave Guest

    sort of like...
    file:///c:/windows
     
    Dave, Oct 14, 2009
    #6
  7. popalong

    Jim Guest

    NOBODY can say what will happen , it`s up to you to decide what you
    wish .
     
    Jim, Oct 14, 2009
    #7
  8. popalong

    popalong Guest

    Exactly!

     
    popalong, Oct 14, 2009
    #8
  9. popalong

    Malke Guest

    No, you're misunderstanding things. Of course when you go to upload
    something you're given a browse button that shows your hard drive. You're
    being given the opportunity to navigate to a file somewhere on your hard
    drive to select for uploading. It doesn't matter whether the file is in your
    Public folder, your user's Pictures folder, or wherever. It's how uploading
    *works*. It doesn't mean someone from the outside is watching you do this.

    As far as your firewall goes, all I meant by that was that you seem to have
    the normal protection of your system. Because you uploaded a picture to an
    image hosting site doesn't mean someone from the outside can get into your
    computer. I really think you're fretting over nothing because you've not
    really understood the uploading process and what you saw.

    Malke
     
    Malke, Oct 14, 2009
    #9
  10. popalong

    popalong Guest

    Thanks! I'll stop worrying. The issue is settled.
     
    popalong, Oct 14, 2009
    #10
  11. popalong

    popalong Guest

    Good explanation. Thanks!

     
    popalong, Oct 15, 2009
    #11
  12. popalong

    popalong Guest

    What I was wondering is if I should be uploading to the image host or
    message board from this folder instead of from desktop:
    useraccountname>Public>Public Pictures

    Then I could put encryption or pswd protection on the other folders if
    advisable.
     
    popalong, Oct 15, 2009
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.