Security Issues and Software Vulnerabilities

From time to time, Alchemy Mindworks releases software updates to deal with security issues. This sounds a bit scary – with good reason in some cases – and as such, it probably deserves an explanation.

Regrettably, the world includes a substantial number of flakes, idiots and malevolent swamp-dwellers who spend their mean little lives trying to attack the computers of the rest of us. When they’re successful in doing so, they can:

  • Install malware to steal personal information, such as credit card numbers and banking passwords.
  • Connect the afflicted computers to botnets, such that they can be used to attack other networks.
  • Encrypt the files on your hard drive and demand a pile of bitcoins for the key to decrypt them.
  • …and probably a lot of other stuff we’d rather not know about.

One of the ways in which the aforementioned lower life-forms like to get past the security of personal computers is through software exploits. While the details of these things vary, one of the exploits that we’ve seen several times in recent years has involved the creation of deliberately malformed JPEG graphics which exploit known vulnerabilities in the library that opens these pictures, such that the library will crash and execute a program stored in the JPEG file being read.

Needless to say, the program being executed will be something you’d rather not have running on your computer.

The library that reads JPEG files is referred to as “open source.” This means that the source code for the library – the actual program that was written to implement it – is available for anyone who’s interested in it to download and rummage around in.

There are a lot of security experts and dedicated programmers who routinely look for potential vulnerabilities in these libraries. When they find one, they’ll typically notify the developer of the library in question. The vulnerability will get addressed, the hole will be plugged, and an updated library can be released.

The downside of open source libraries is that hackers and other malevolent entities can also look through them for vulnerabilities, and have a better idea of how to exploit them. Historically, the aforementioned security experts find these issues long before the hackers do, and updated libraries are available well in advance of the appearance of “exploits” – in the foregoing example, this would be malformed JPEG graphics that can run sneaky hidden programs.

Open source libraries are, in fact, the most reliable and secure software in the known universe, because:

  • Innumerable expert programmers regularly beat them up, looking for problems.
  • They’re quick to fix and release as updates if anything dark and sinister is discovered.

Alchemy Mindworks’ software uses a number of open source libraries… our JPEG reader is among them. We routinely check for vulnerabilities in said libraries, and release updates to our software with secure libraries when they appear.

We urge all the users of Alchemy Mindworks’ software products to either subscribe to our e-mail update newsletter or enable the Up To Date notification agent that installs with our products, so we can keep you apprised of these updates. Ideally, you should do both.

Our newsletter postings will display a graphic like the one to your right when they involve security updates.

If you’re notified of a security update for your software, please download and install it immediately.

For the most part, the only computer users who are successfully attacked by library exploits like the ones described in this posting are those running old software with outdated, vulnerable libraries.

You don’t have to be among them.
