A Photo That Can Steal Your Online Credentials?
TedSamsonIW writes "InfoWorld reports on a new potential ploy for stealing Web users' private information: Researchers have found that by placing a new type of hybrid file on Web sites that let users upload their own images, they can circumvent security systems and take over Web surfers' accounts. 'They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.'"
Java is the epitome of bad programming, despite all that you can do with it. It's just a terrible implementation of a great capability. I loathe its insurgence into the mainstream.
He's not wrong, you know. Java was pretty much Pascal for the nineties.
Christopher S. 'coldacid' Charabaruk -- coldacid.net
It is true, Java is a great big stack of Fail.
First off, what idiot mod'ed you "Troll"?
Secondly, if the user whitelists FaceBook then that would PROBABLY also whitelist the picture/jar that is the exploit which would be downloaded from FaceBook.
Yeah, the security is an issue. At least for right now. It might take a major re-write to kill this exploit. Probably a sandbox where EVERYTHING from a web page would be temporarily stored, then analyzed to see what it was and what the web page reported it as. Probably by digging into the headers of each file and having a setup similar to Apple's for identifying the app that should run a given file.
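The header check suggested in the comment above, as an added example (not code from the thread or from the researchers): an upload filter that walks the GIF block structure to the trailer and rejects anything carrying extra bytes, flagging a ZIP end record, since a JAR is a ZIP archive. All function names and sample bytes are constructed for illustration.

```python
GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature; a JAR is a ZIP archive

# Constructed sample: a minimal 1x1 GIF, and the same bytes with an empty ZIP
# end record appended (a marker for the scanner, not a working JAR).
CLEAN_GIF = (b"GIF89a" b"\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x4c\x01\x00" b"\x3b")
SAMPLE_HYBRID = CLEAN_GIF + ZIP_EOCD + b"\x00" * 18

def _skip_sub_blocks(data, pos):
    """Skip a chain of GIF data sub-blocks (length byte + payload, ended by 0x00)."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def _color_table_len(packed):
    """Byte length of a colour table described by a packed-flags byte (0 if absent)."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0

def gif_end_offset(data):
    """Offset just past the GIF trailer (0x3B); ValueError if not a well-formed GIF."""
    if data[:6] not in GIF_MAGICS:
        raise ValueError("not a GIF")
    try:
        pos = 13 + _color_table_len(data[10])  # header + logical screen descriptor
        while True:
            block = data[pos]
            if block == 0x3B:    # trailer: the image ends here
                return pos + 1
            if block == 0x21:    # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:  # image descriptor, optional local table, LZW data
                pos += 10 + _color_table_len(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 1)
            else:
                raise ValueError("unknown GIF block")
    except IndexError:
        raise ValueError("truncated GIF") from None

def inspect_upload(data):
    """Reject any upload that carries bytes after the end of the GIF image."""
    trailing = data[gif_end_offset(data):]
    return {"trailing_bytes": len(trailing),
            "zip_marker": ZIP_EOCD in trailing,
            "accept": not trailing}

if __name__ == "__main__":
    print(inspect_upload(CLEAN_GIF))
    print(inspect_upload(SAMPLE_HYBRID))
```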
Of course, they have to give it a cutesy, buzzworthy name.
-dZ.
Carol vs. Ghost