Slashdot Mirror


A Photo That Can Steal Your Online Credentials?

TedSamsonIW writes "InfoWorld reports on a new potential ploy for stealing Web users' private information: Researchers have found that by placing a new type of hybrid file on Web sites that let users upload their own images, they can circumvent security systems and take over Web surfers' accounts. 'They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.'"
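A content-based check that an image-upload handler could run against the hybrid file described above, as an added example that is not from the article or the researchers. It assumes only that a JAR is a ZIP archive; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")

def looks_like_gif(data: bytes) -> bool:
    """A GIF decoder identifies the format from the first six bytes."""
    return data[:6] in GIF_MAGICS

def zip_reader_accepts(data: bytes) -> bool:
    """ZIP/JAR readers find the archive via the end-of-central-directory
    record near the END of the file, so bytes in front of it are ignored."""
    return zipfile.is_zipfile(io.BytesIO(data))

def classify_upload(data: bytes) -> str:
    """Decide from content only; the uploaded file name is never consulted."""
    if not looks_like_gif(data):
        return "reject: not a GIF"
    if zip_reader_accepts(data):
        return "reject: GIF that also parses as a ZIP/JAR archive"
    return "accept: GIF"

# Constructed sample: GIF-shaped bytes for a 1x1 image.
PLAIN_GIF = (b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" +
             b",\x00\x00\x00\x00\x01\x00\x01\x00\x00" +
             b"\x02\x02\x44\x01\x00" + b";")

def build_hybrid_sample() -> bytes:
    """Constructed sample: the GIF bytes followed by a ZIP archive that
    holds one text member (no code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    return PLAIN_GIF + buf.getvalue()

if __name__ == "__main__":
    for name, data in [("avatar.gif", PLAIN_GIF),
                       ("photo.gif", build_hybrid_sample()),
                       ("notes.gif", b"plain text, wrong extension")]:
        print(name, "->", classify_upload(data))
```

Both format tests pass on the hybrid sample because one parser reads from the front of the file and the other from the back, which is why checking the header or the extension alone does not settle what a file is.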

1 of 235 comments

  1. Re:I can haz ur eebay de-tails? by clone53421 · Score: 0, Flamebait

    Uh huh... when I said "look at the facts" I didn't mean "read until the quote and then stop". That's what you did, right?

    It's merely an initial description of the situation. I further went on to describe why it's a good situation, and why ignoring the extensions is dangerous. It's silly to say that's a claim against Windows: determining filetype by extension works IF the extensions are strictly followed. Maybe you should go back and read the rest of what I posted.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.