Album Cover Art
#11694 09/08/10 02:20 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
There are a few sites offering free album art to fill in the blanks left after getting covers through the iTunes site. Since pictures are also a vehicle for distribution of unwanted devices to be installed on your hard drive, how does a person ensure they're getting art only?

Does anyone have an album art site that they've used and trust?

Finally, if the art is available anyway, why wouldn't iTunes have it?

ryck

Last edited by ryck; 09/08/10 02:21 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Album Cover Art
ryck #11697 09/08/10 03:02 PM
Joined: Aug 2009
Originally Posted By: ryck
Since pictures are also a vehicle for distribution of unwanted devices to be installed on your hard drive

I'm not sure what you mean by this, can you explain?

In any case, Amazon is a good source for album art; they also allow user-submitted pics that are, in some cases, better than what Amazon offers.

Be sure to check Amazon.co.uk as well; they sometimes have art that the US site doesn't.

Re: Album Cover Art
ryck #11698 09/08/10 03:13 PM
Joined: Aug 2009
Likes: 16
Moderator
The iTunes store is concerned with album art for titles they carry, not every album ever recorded by anyone. For example, I have a lot of music in iTunes that is not available through the iTunes Store. Several self-published groups, albums that are out of print (some converted from vinyl), etc. Using some of the alternate album art sites has enabled me to have album art for most, but certainly not all, of the albums and tunes in my iTunes library.

AFAIK, all of the graphics exploits have been discovered long after I filled in the blanks in my album artwork, so to be honest, I have never been overly concerned with the security of the downloaded album art. If I were to download some today it would be downloaded to my designated Download folder and automatically scanned by ClamX AV. If anything were found, ClamX AV will automatically move the file to a quarantine folder, notify me of the quarantined file, and I will simply delete it without ever opening it.

As for recommending a site, I have often had little or no option for some of my album art. I have to get it where I can find it. To give myself some degree of protection, I use OpenDNS, which keeps track of known or suspect sources and, depending on my chosen settings and security levels, either blocks a site altogether or warns me when downloading from a risky site. They can do a much more thorough job of keeping track of that sort of thing than I, or any individual, ever could.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Album Cover Art
Rick Deckard #11702 09/08/10 05:56 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: Rick Deckard
Originally Posted By: ryck
Since pictures are also a vehicle for distribution of unwanted devices to be installed on your hard drive

I'm not sure what you mean by this, can you explain?

There are FTM members better equipped than I to explain the technicalities but, as I understand it, the code for things like viruses or devices to collect information can be hidden in the code for an image. By viewing or using the image, the recipient unknowingly provides an invader with access to their hard drive.

I'm sure someone will provide a better explanation.

ryck

Last edited by ryck; 09/08/10 05:57 PM. Reason: Spelling

Re: Album Cover Art
ryck #11703 09/08/10 09:30 PM
Joined: Aug 2009
Likes: 8
To make it easier if you decide to use Amazon as an album art source, download from Apple the Amazon Art Widget.

It finds the art and allows you to easily add it to albums in iTunes.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Album Cover Art
ryck #11728 09/10/10 04:43 PM
Joined: Aug 2009
Originally Posted By: ryck
Originally Posted By: Rick Deckard
Originally Posted By: ryck
Since pictures are also a vehicle for distribution of unwanted devices to be installed on your hard drive

I'm not sure what you mean by this, can you explain?

There are FTM members better equipped than I to explain the technicalities but, as I understand it, the code for things like viruses or devices to collect information can be hidden in the code for an image. By viewing or using the image, the recipient unknowingly provides an invader with access to their hard drive.


This is only an issue with compressed pictures. Uncompressed formats like TIFF are always interpreted as pictures.

When a picture is compressed, like jpeg, gif, pdf, etc, the file can contain instructions for how to uncompress the image, and parameters for use in the decompression.

If the decompressing program is poorly written, invalid information can be used to make a "specially crafted image file" as the security people would say. Usually the goal is to exploit a bug in how the decompressor handles unexpected, uncommon, or invalid compressed data. Sometimes it causes the decoder to crash. In the worst cases, it causes the decoder to generate more picture information than it's expecting to, and the information overflows from the picture data in memory into other memory being used for other things, like to store running programs. This is a "buffer overflow". The worst outcome of that is that the decoder is tricked not only into overflowing its buffer, but doing so in a very specific way, storing very specific information in the overflow. This information can wind up in the middle of a running program, and can then get executed as program instructions. At that point, the picture has created a running program, usually running under the authority of the decoder. Security people call this "arbitrary code execution".

If the decoder is "sandboxed", the rogue program can't usually do a lot because it doesn't have access to the entire computer, but that is sometimes combined with other exploits (code that takes advantage of bugs that create security risks) that allow code to break out of the sandbox. This can result in "privilege escalation", meaning the rogue program has more access to the computer than the picture decoder.

The recent "browse to this web page to jailbreak your iPhone" page takes advantage of these two issues to overwrite protected programs on the iPhone to jailbreak it, simply by browsing to a web page that has a specially crafted image file that exploits a bug in the browser's image decompressor, causing a buffer overflow and code execution, and the code exploits a privilege escalation to perform the jailbreak.

So, simply attempting to view a compressed picture (or video) can be risky, if your picture viewing software isn't secure and bug-free. QuickTime has been an ongoing target for malware, but Apple does a pretty good job of keeping on top of it. The mere presence of QuickTime on a Mac is a huge plus - programs that want to render images and video don't have to do it themselves and make sure their code is perfect - they rely on Apple's QuickTime APIs to do all the picture decoding so all the security is in one central place, carefully managed and maintained. Windows only recently started centralizing image and video decoding, so Internet Explorer, an app with all the image rendering inside it, has always been a popular target for malware and gateway into your computer.



I work for the Department of Redundancy Department
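
The overflow described in the post above, as an added example that is not part of the original thread: a toy run-length decoder showing the bounds check whose absence lets decoded data spill past the pixel buffer. The file format, function names and sample bytes are all constructed for illustration and do not correspond to any real image codec.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy format, constructed for this example (not a real image format):
 * byte 0 = width, byte 1 = height, then (count, value) run-length pairs. */
enum { DEC_TRUNCATED = -1, DEC_TOO_LARGE = -2, DEC_OVERRUN = -3, DEC_SHORT = -4 };

/* Decode into out[out_cap]. Returns pixels written, or a negative DEC_* code. */
int rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < 2 || (in_len - 2) % 2 != 0)
        return DEC_TRUNCATED;
    size_t expected = (size_t)in[0] * in[1];  /* pixels the header promises */
    if (expected > out_cap)
        return DEC_TOO_LARGE;                 /* the header itself is untrusted */

    size_t pos = 0;
    for (size_t i = 2; i < in_len; i += 2) {
        size_t count = in[i];
        /* The check a careless decoder omits: run lengths come from the file
         * and can add up to more than the header declared. Without it,
         * memset would write past the end of out. */
        if (count > expected - pos)
            return DEC_OVERRUN;
        memset(out + pos, in[i + 1], count);
        pos += count;
    }
    return pos == expected ? (int)pos : DEC_SHORT;
}

/* Constructed samples; the first two headers declare a 4x4 image (16 pixels). */
static const uint8_t good_img[] = { 4, 4, 10, 0xAA, 6, 0xBB };
static const uint8_t bad_img[]  = { 4, 4, 10, 0xAA, 200, 0xBB }; /* runs total 210 */
static const uint8_t huge_img[] = { 255, 255, 1, 0x00 };         /* header too big */

/* Decode a sample into a fixed 16-byte buffer, as a viewer with a
 * preallocated pixel buffer would. */
int decode_sample(const uint8_t *img, size_t len)
{
    uint8_t pixels[16];
    return rle_decode(img, len, pixels, sizeof pixels);
}

int main(void)
{
    printf("good: %d\n", decode_sample(good_img, sizeof good_img));
    printf("bad:  %d\n", decode_sample(bad_img, sizeof bad_img));
    printf("huge: %d\n", decode_sample(huge_img, sizeof huge_img));
    return 0;
}
```

The well-formed sample decodes to 16 pixels; the other two are rejected before any byte is written outside the buffer.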
Re: Album Cover Art
joemikeb #11734 09/10/10 08:30 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: joemikeb
If I were to download some today it would be downloaded to my designated Download folder and automatically scanned by ClamX AV. If anything were found, ClamX AV will automatically move the file to a quarantine folder, notify me of the quarantined file, and I will simply delete it without ever opening it.

I've downloaded the software and have been goofing with it for a couple of days....am leaning toward sending some dough. So far the only drawback is that it doesn't have a manual for the Snow Leopard version. C'est la vie.

ryck

Re: Album Cover Art
Ira L #11735 09/10/10 08:31 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: Ira L
To make it easier if you decide to use Amazon as an album art source, download from Apple the Amazon Art Widget.

Thanks. Good tip.

ryck

Re: Album Cover Art
Virtual1 #11736 09/10/10 08:44 PM
Joined: Aug 2009
Likes: 14
ryck Offline OP
Originally Posted By: Virtual1
This is only an issue with compressed pictures. Uncompressed formats like TIFF are always interpreted as pictures.

When a picture is compressed, like jpeg, gif, pdf, etc, the file can contain instructions for how to uncompress the image, and parameters for use in the decompression.

First, thanks for taking the time to write such a comprehensive reply.

I've been playing with ClamXav and note that under Preferences>Exclude Files there is a caution: "ClamXav will not scan anything whose name or extension matches a text pattern below. Text patterns are case sensitive."

Then, two of the default settings are:

Exclude files ending in jpg
Exclude files starting with foo

It seems to be at odds with what it should do. Or am I misunderstanding something?

ryck

Re: Album Cover Art
ryck #11748 09/11/10 12:56 AM
Joined: Aug 2009
Likes: 3
Moderator
Beyond the hiding of malicious content within genuine image files, there was also the whole "fake" image file approach, in which Safari's Open "safe" files after downloading preference could be combined with one of OS X's peculiar file association mechanisms to allow what appeared, in the case of the sample exploit, to be a JPG to deliver a malicious Terminal script that would launch automatically upon being downloaded and, say, wipe out the user's Home directory.

This vulnerability was somewhat obscurely titled Mac OS X File Association Meta Data Shell Script Execution in Secunia's initial report. At the time, much was made of Safari's role in this vulnerability, but the real problem seemed to be with Launch Services.

The clearest explanation of the entire imbroglio seems to have been that offered by Daring Fireball's John Gruber.



dkmarsh—member, FineTunedMac Co-op Board of Directors

Moderated by  cyn, dianne 
