A Photo That Can Steal Your Online Credentials?
TedSamsonIW writes "InfoWorld reports on a new potential ploy for stealing Web users' private information: Researchers have found that by placing a new type of hybrid file on Web sites that let users upload their own images, they can circumvent security systems and take over Web surfers' accounts. 'They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.'"
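An upload-side check for the hybrid file described in the summary, as an added example that is not part of the original story or the researchers' material. It relies on a GIF being identified by its leading bytes while a JAR, being a ZIP archive, is located from a record at the end of the file, so it flags any ZIP container behind a GIF header; the function names and sample byte strings are constructed for illustration.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"      # ZIP end-of-central-directory (EOCD) signature
EOCD_FMT = "<4s4H2LH"         # fixed 22-byte EOCD record, little-endian
EOCD_LEN = struct.calcsize(EOCD_FMT)
MAX_COMMENT = 0xFFFF          # EOCD may be followed by a comment of this size

def find_zip_trailer(data: bytes):
    """Return (entry_count, prepended_bytes) if data ends in a plausible
    ZIP EOCD record, else None. Scans backwards like a ZIP reader does."""
    start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_, _, _, _, total, cd_size, cd_off,
             comment_len) = struct.unpack_from(EOCD_FMT, data, pos)
            # Bytes in front of the archive (here: the image).
            prepended = pos - cd_size - cd_off
            # A real EOCD's comment ends exactly at EOF and its central
            # directory fits in the bytes before it; a stray signature
            # inside image data fails these checks.
            if pos + EOCD_LEN + comment_len == len(data) and prepended >= 0:
                return total, prepended
        pos = data.rfind(EOCD_SIG, start, pos)
    return None

def classify_upload(data: bytes) -> str:
    """Decision for a site that accepts GIF uploads only."""
    if data[:6] not in GIF_MAGICS:
        return "reject: not a GIF"
    if find_zip_trailer(data) is not None:
        return "reject: GIF header with ZIP/JAR trailer"
    return "accept: GIF"

# Constructed sample inputs (not taken from the talk or any real file).
MIN_GIF = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b"\x3b"
EMPTY_ZIP = EOCD_SIG + bytes(18)               # archive with zero entries
HYBRID = MIN_GIF + EMPTY_ZIP                   # valid GIF start, valid ZIP end
DECOY = MIN_GIF[:-1] + EOCD_SIG + b"\xff" * 30 + b"\x3b"  # signature only

if __name__ == "__main__":
    for name, blob in (("gif", MIN_GIF), ("hybrid", HYBRID), ("decoy", DECOY)):
        print(name, "->", classify_upload(blob))
```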
So, I, for the life of me, cannot figure out what point an (essentially) "executable" image would have. To me, it seems like this mixing of concerns is a very bad idea. It's either data (an image) or an executable (application). Not both.
Can anybody explain the thought process behind this?
I don't see what shorthand has to do with it. Try steganography.