Change to Avatar and Profile Photo Image-Upload Policy


Scot

Effective Immediately: Anyone who wishes to display an avatar on Scot's Newsletter Forums will need to use an image-hosting site and link to the image there. For security reasons, we have been forced to prohibit the uploading of all images to the forums (explained below).

Please keep your linked avatars to the site requirements of 128 x 128 pixels maximum, with a file size no larger than 22K. Larger images will be removed.

Existing avatars and profile photos are grandfathered under this policy. Please note: If you have a profile image already uploaded, do not try to change it. Doing so will delete the image. The forum software does not currently support remote hosting of a profile photo, we're sorry to say. So the stated policy is that the forums does not support images in your profile.

However, if you need help with setting up your avatar, please contact a forum admin or moderator. We hope this will be temporary but we have no way of knowing how long this policy will be required.

What's Causing the New Policy

The abrupt change of policy concerning image uploads is the result of the exploit described in the following two articles. Please read them. They don't apply just to Scot's Newsletter; they apply to the Internet in general right now:

  • A photo that can steal your Facebook account
  • Black Hat Sneak Preview

Hopefully you're already aware that upgrading to a new version of Sun's Java Runtime Environment (JRE) does not disable previous versions of Java. You must manually uninstall old versions from Programs (in Vista), or Add or Remove Programs (in Windows XP and 2000 or earlier versions of Windows).

Because many people are not aware of this, even when Sun Microsystems issues a Java security update and people install it, the vulnerability continues to be present on millions of computers.

If you have Sun Java installed on your computer, please follow these instructions for removing the vulnerable versions of this software:

  • Download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7 (or newer).

Sun's JRE can be a useful tool. It is required to run many Web-based applications. For example, it is used by Trend Micro's online virus scanner Housecall (if you are not using IE with ActiveX) and many other online scanners. It is also used for Secunia's Online Software Inspector. There are other sites like NOAA weather sites and NASA which make use of Java as well. However, if you don't need any of these items, and if you don't have other frequently used sites that require it, you could simply uninstall Java entirely until the issues being unveiled at this week's Black Hat conference are resolved.

Please note that GIFAR (GIF+JAR) files are likely not the only vector that will be used for these types of attacks. There's more information in the articles noted above. We also have no way of knowing whether this problem will ever go away fully due to the dynamic nature of websites today.

The security of Scot's Newsletter Forums, its data, and especially the thousands of site visitors and members who use the forums is our number one concern.

-- Scot

P.S. -- Please use the following topic in Forum Feedback for discussion: Change to Avatar and Profile Photo Image-Upload Policy --Bambi

Edited by LilBambi
to edit info on Profile Photo --Bambi
This topic is now closed to further replies.
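
An upload check for the GIFAR (GIF+JAR) case named in the announcement, as an added example that is not part of the original post or the forum software. It assumes, as background the post does not state, that a JAR is a ZIP archive located from the end of the file while a GIF is identified from its first bytes; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")


def is_gif(data: bytes) -> bool:
    """GIF readers identify the format from the first six bytes."""
    return data[:6] in GIF_MAGICS


def carries_archive(data: bytes) -> bool:
    """True if a ZIP/JAR reader would accept these bytes.

    ZIP readers find the central directory by scanning back from the end
    of the file, so image data placed in front does not hide an archive.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            archive.namelist()
        return True
    except zipfile.BadZipFile:
        return False


def classify_upload(data: bytes) -> str:
    """Label an uploaded avatar: 'not-gif', 'gif', or 'gif+archive' (reject)."""
    if not is_gif(data):
        return "not-gif"
    return "gif+archive" if carries_archive(data) else "gif"


def build_samples() -> dict:
    """Constructed sample inputs; nothing here comes from a real upload."""
    # Minimal 1x1 GIF: header, logical screen descriptor, trailer byte.
    plain_gif = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("Example.class", b"constructed placeholder bytes")
    jar_bytes = buf.getvalue()
    return {"plain": plain_gif, "jar": jar_bytes, "gifar": plain_gif + jar_bytes}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:6} -> {classify_upload(blob)}")
```

As the post notes, GIFAR is likely not the only vector, so this check covers one file type and does not replace the upload restriction.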