Security researchers to outline photo attack
Monday, August 4, 2008
IT security researchers are set to unveil a new type of java program that could trick machines into running arbitrary code by masquerading as an image file, according to Network World.
At the upcoming Black Hat network security conference, attendees will be given details of how the hybrid file - known as a GIFAR - can leave users of social networking and web-based image services at risk of having accounts hijacked.
The publication explains that while web filters view the file as a normal GIF image, java applets will handle the file differently and allow it to run code within the web browser.
Network World noted: "The attack could work on any site that allows users to upload files, potentially even on Web sites that are used to upload banking card photos or even Amazon.com."
In a separate article, the network security website has also noted that Cisco wireless services will also be put under the spotlight by researchers at the upcoming Black Hat conference.
Related News:
Cyber criminals exposed medical records - 3.8.2010
More than 18,000 patients, whose medical information is stored on the computer systems of five doctors in Torrance, California, were potential victims of identity theft in September when cyber criminals penetrated the doctors' networks, according to the Los Angeles Times.
McAfee advises companies to boost web security relating to source code - 3.4.2010
At the RSA Conference, currently taking place in San Francisco, McAfee released a report indicating that companies regularly use too few web security protocols when protecting intellectual property such as source code.
False social networking attacks provides teachable moment for web security - 2.25.2010
A unique tool developed to prevent the spread of malware from social networking websites has been recommended Processor.com, a web and network security news provider.
With global web security under siege, exports point to problems - 2.25.2010
In 2009, Garlik, a United Kingdom-based web security company, reported a 207 percent increase in malware use to overtake bank accounts. Recent events have also shown vulnerability in corporate, private and governmental web security systems.
Kaspersky reports malware growing more sophisticated - 2.24.2010
Kaspersky, a web security provider, reported Wednesday that while there is very little growth in the amount of malware currently roaming the web, it is becoming more advanced and much harder to detect.
|
