Well, we were planning on holding off on this until Wildly Off-Topic Microsoft-Bashing Day this Friday, but what the heck-- it's a slow news day and this is just too much fun to pass up. Remember about ten years ago when "regular people" were just starting to get plugged into this new-fangled "Internet" thing, and emailed virus hoaxes preyed mercilessly upon the sad lack of technical understanding that often characterized the boatloads of AOL subscribers disgorged unceremoniously onto the scene? "Don't open any message with a subject line of 'I LOVE CLAMATO,'" they shouted, "or you will be instantaneously infected with a virus that will GIVE YOUR COMPUTER LYME DISEASE!!!" Or "whatever you do, if you're surfing the web and see a picture of Anna Kournikova shucking oysters [there was a big mollusk theme to all these, you recall], run away quickly because your computer will BURST INTO FLAME and BOTH YOUR ARMS WILL FALL OFF!!!" Ah, good times.

See, the more technically-inclined among us knew full well that simply reading an email message couldn't pass along a computer virus, and neither could the act of looking at an image on a web site, whether it depicted tennis stars and bivalves or not. The only way to catch a virus via email was to open an infected document that was sent as an attachment, and the only way to get one from a web site was to download and open a file carrying the bug. Simply reading mail or surfing the 'net was safe as houses-- at least, it was until Microsoft decided to change all the rules.

Sometime in the late '90s, a new crop of viruses did manage to spread themselves all over creation by simply coaxing recipients to read an email message; Microsoft's Outlook mail application apparently rendered embedded HTML and even executed embedded scripts by default, which led to all sorts of fun for Windows users. Suddenly it was that whole "you can't catch a virus by reading an email message" thing that had become the hoax. (Thanks, Redmond!) And guess what? Now you can catch a virus by looking at a picture, too! Woo-hoo!

Well, at least you can if you're running Windows and you haven't patched your system for the sixty-gazillionth time this year yet. Faithful viewer Mike Scherer dished us a CNET article about a buffer overflow vulnerability in Microsoft's core JPEG-rendering code that "could let attackers create an image file that would run a malicious program on a victim's computer as soon as the file is viewed." While no exploits or proof-of-concept examples have yet been spotted on the 'net, security wonks warn that "the potential is very high for an attack," in part because the code that contains the flaw "affects various versions of at least a dozen Microsoft software applications and operating systems," so even if you've patched your copy of Windows, you might be running, say, an unpatched version of Visio on top of it that's still vulnerable to attack.

In the interest of fairness (it's not Friday quite yet, you understand), we should probably mention that even the Mac was susceptible to a similar buffer-based vulnerability (since fixed) that lived in its code for displaying PNG graphics. But PNG isn't ubiquitous like JPEG is, and is used for far fewer pictures of Ms. Kournikova. If nothing else, isn't it a kick in the pants to see how old email hoaxes are coming true? Heck, in five more years, maybe Bill Gates will give us all a thousand bucks and a free copy of Longhorn (assuming it's shipping by then-- burn!!) just for forwarding his email. Why, the future's never looked brighter!