A Photo That Can Steal Your Online Credentials?

Posted by ScuttleMonkey on Friday August 1, 2008 @07:20AM from the free-fear-mongering dept.

TedSamsonIW writes "InfoWorld reports on a new potential ploy for stealing Web user's private information: Researcher has found that by placing a new type of hybrid file on Web sites that let users upload their own images, they can circumvent security systems and take over Web surfers' accounts. 'They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.'"

1 of 235 comments (clear)

Min score:

Reason:

Sort:

Re:Workarounds for websites by TheMeuge · 2008-08-01 08:12 · Score: 0, Offtopic

Somebody mark this comment "Insightful" would you please. It certainly deserves to be modded up, and possibly forwarded to the services that allow this kind of an attack to occur.
This would be a rather simple way to protect their clients against such an attack.