Probable security breech - how do I fix it?

  • Thread starter Thread starter popalong
  • Start date Start date
P

popalong

Hi

Using Vista 64 bit Home Premium, MSE, and Spybot,

Yesterday I posted a pic on an eBay forum using this code

<a href="http://tinypic.com" target="_blank"><img
src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
hosting by TinyPic"></a>

(The only things changed above are some image IDs.)

I used this particular image format because the other three I tried resulted
only in "link" with an underscore, and this one produced an image.

About an hour after posting the pic, I noticed that you could click on the
image in the eBay forum post, and it would take you to the image host site.
Once there, another window with a "browse" button allowed you to go directly
into the files on my computer! I had the eBay post containing the image
deleted, but it may haves been too late--about 2 hours after the image was
posted. I deleted the image on my computer that used the filename that was
uploaded, but I still have the original image from my camera on my computer.
I haven't been able to delete the image at the image hosting site. I don't
have an account set up there, so there's no password protection.

What should I do now?
 
popalong wrote:

Using Vista 64 bit Home Premium, MSE, and Spybot,

Yesterday I posted a pic on an eBay forum using this code

<a href="http://tinypic.com" target="_blank"><img
src="http://ixx.tinypic.com/image.jpg" border="0" alt="Image and video
hosting by TinyPic"></a>

(The only things changed above are some image IDs.)

I used this particular image format because the other three I tried
resulted only in "link" with an underscore, and this one produced an
image.

About an hour after posting the pic, I noticed that you could click on the
image in the eBay forum post, and it would take you to the image host
site. Once there, another window with a "browse" button allowed you to go
directly
into the files on my computer! I had the eBay post containing the image
deleted, but it may haves been too late--about 2 hours after the image was
posted. I deleted the image on my computer that used the filename that
was uploaded, but I still have the original image from my camera on my
computer.
I haven't been able to delete the image at the image hosting site. I
don't have an account set up there, so there's no password protection.

What should I do now?

Contact the unnamed image hosting company for an explanation. I wouldn't
worry about your own security. You're using a firewall and there is nothing
inherently evil about your own image file. No need to panic and go deleting
it from your hard drive and camera.

Malke
 
The image hosting service is tinypic.com. The window that I referred to
previously, that appears when the user clicks on the posted photo is
actually a dialog box. The browse button I referred to is to select images
from my HDD for uploading to the image host. The photo that I uploaded and
posted in the eBay forum came from my desktop--not from my picture folder.
And when I clicked on the browse button, I had access to the entire contents
of the HDD, not just the picture folder.

If you're confident that my firewall will prevent a different computer from
entering my computer, using the above scenario, then I won't worry about
this, and won't pursue it any further. Also please advise me if it's okay
to upload images from my desktop, or if I should be using a public pictures
folder for this.

Please let me know ASAP.
Thanks
 
The image hosting service is tinypic.com. The window that I referred to
previously, that appears when the user clicks on the posted photo is
actually a dialog box. The browse button I referred to is to select images
from my HDD for uploading to the image host. The photo that I uploaded and
posted in the eBay forum came from my desktop--not from my picture folder.
And when I clicked on the browse button, I had access to the entire contents
of the HDD, not just the picture folder.

If you're confident that my firewall will prevent a different computer from
entering my computer, using the above scenario, then I won't worry about
this, and won't pursue it any further. Also please advise me if it's okay
to upload images from my desktop, or if I should be using a public pictures
folder for this.

You're getting all freaked out over nothing here and Malke's explanation
isn't doing much good. This has nothing at all to do with your firewall,
nor can someone from another computer browse your hard drive using the
upload control on that page.

When you click on the browse button from your computer, it does in fact
allow you to browse your computer, that's the point of the control. When
someone on another computer, either inside or outside of your network
clicks on the same control on the same web page, it lets them browse the
contents of *their* computer. There is no connection between what you
uploaded, that browse control, and access to your computer.

As I said, you're getting all freaked out over nothing.
 
The image hosting service is tinypic.com. The window that I referred to
previously, that appears when the user clicks on the posted photo is
actually a dialog box. The browse button I referred to is to select images
from my HDD for uploading to the image host. The photo that I uploaded and
posted in the eBay forum came from my desktop--not from my picture folder.
And when I clicked on the browse button, I had access to the entire contents
of the HDD, not just the picture folder.

If you're confident that my firewall will prevent a different computer from
entering my computer, using the above scenario, then I won't worry about
this, and won't pursue it any further. Also please advise me if it's okay
to upload images from my desktop, or if I should be using a public pictures
folder for this.

NOBODY can say what will happen , it`s up to you to decide what you
wish .
 
popalong said:
The image hosting service is tinypic.com. The window that I referred to
previously, that appears when the user clicks on the posted photo is
actually a dialog box. The browse button I referred to is to select
images
from my HDD for uploading to the image host. The photo that I uploaded
and posted in the eBay forum came from my desktop--not from my picture
folder. And when I clicked on the browse button, I had access to the
entire contents of the HDD, not just the picture folder.

If you're confident that my firewall will prevent a different computer
from entering my computer, using the above scenario, then I won't worry
about
this, and won't pursue it any further. Also please advise me if it's okay
to upload images from my desktop, or if I should be using a public
pictures folder for this.

No, you're misunderstanding things. Of course when you go to upload
something you're given a browse button that shows your hard drive. You're
being given the opportunity to navigate to a file somewhere on your hard
drive to select for uploading. It doesn't matter whether the file is in your
Public folder, your user's Pictures folder, or wherever. It's how uploading
*works*. It doesn't mean someone from the outside is watching you do this.

As far as your firewall goes, all I meant by that was that you seem to have
the normal protection of your system. Because you uploaded a picture to an
image hosting site doesn't mean someone from the outside can get into your
computer. I really think you're fretting over nothing because you've not
really understood the uploading process and what you saw.

Malke
 
Good explanation. Thanks!

Paul Adare said:
You're getting all freaked out over nothing here and Malke's explanation
isn't doing much good. This has nothing at all to do with your firewall,
nor can someone from another computer browse your hard drive using the
upload control on that page.

When you click on the browse button from your computer, it does in fact
allow you to browse your computer, that's the point of the control. When
someone on another computer, either inside or outside of your network
clicks on the same control on the same web page, it lets them browse the
contents of *their* computer. There is no connection between what you
uploaded, that browse control, and access to your computer.

As I said, you're getting all freaked out over nothing.
 
What I was wondering is if I should be uploading to the image host or
message board from this folder instead of from desktop:
useraccountname>Public>Public Pictures

Then I could put encryption or pswd protection on the other folders if
advisable.
 
Back
Top