Facebook Hack: A Photo Looking Back at Your Credentials Exploit - GIFAR part I
Let’s imagine that you go on a popular and secure website like Facebook, for instance. And let’s imagine that you click on someone’s profile picture just to see it. After all, you’re on a secure website, and a website like Facebook will not allow redirection, will it?!!! That is probably right: a website like Facebook will not allow this kind of redirection, which has been known about for a long time.
But what if it was possible to locally execute some nasty code from a simple image, without any need for redirection, with just a single click? Wow!! That would be much less funny!!!
Sorry for those who feel secure on the Internet, because some researchers from NGSSoftware have developed a hybrid attack capable of hiding a Java applet within a GIF image, which they called GIFAR, the concatenation of GIF (GIF image) and JAR (Java Archive).
This means that as soon as you click on a Facebook “friend”’s malicious image, you would give him full access to your Facebook account.
This new method will probably get talked about a lot in the very near future.
This week, at the Black Hat Computer Security Conference in Las Vegas, researchers from NGSSoftware will present details on this exploit.
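As an added example (not code from the researchers or from this post), here is a server-side upload check for the GIF-plus-JAR hybrid described above. A GIF reader parses from the start of the file while a ZIP/JAR reader locates the archive from the end, so the check walks the GIF blocks to the trailer and flags any trailing bytes or a file that still opens as an archive; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

def _skip_sub_blocks(data, pos):  # length-prefixed sub-blocks, ended by a zero length
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def _table_size(flags):  # bytes in the colour table a packed-flags byte declares
    return 3 * (2 << (flags & 7)) if flags & 0x80 else 0

def gif_end_offset(data):
    """Walk the GIF block structure and return the offset just past its trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13 + _table_size(data[10])          # header + logical screen descriptor
        while data[pos] != 0x3B:                  # 0x3B = trailer
            if data[pos] == 0x21:                 # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:               # image descriptor
                pos += 10 + _table_size(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips the LZW code size
            else:
                raise ValueError("unknown GIF block")
        return pos + 1
    except IndexError:
        raise ValueError("truncated GIF") from None

def check_gif_upload(data):
    """Return reasons to reject an upload; an empty list means a plain GIF."""
    reasons = []
    trailing = len(data) - gif_end_offset(data)
    if trailing:
        reasons.append(f"{trailing} bytes after the GIF trailer")
    try:  # ZIP/JAR readers find the archive from the END of the file
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            reasons.append(f"also opens as an archive: {zf.namelist()}")
    except zipfile.BadZipFile:
        pass
    return reasons

# Constructed samples: a 1x1 GIF, and that GIF with a harmless archive appended.
CLEAN_GIF = bytes.fromhex("474946383961 01000100 800000 000000ffffff 2c000000000100010000 02024401003b")

def sample_hybrid():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed test entry")
    return CLEAN_GIF + buf.getvalue()
```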
If you want to read more about this subject, here are some nice articles:
http://djtechnocrat.blogspot.com/2008/08/gifar-hybrid-photo-capable-of-pwnage.html
http://arstechnica.com/news.ars/post/20080801-newly-found-hybrid-attack-embeds-java-applet-in-gif-file.html
Tags: blackhat, defcon, exploit, gifar, hack, News


