El Reg reports
Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.
In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.
A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.
video
This is by no means a new attack vector.
Why are we still dealing with this over ten years later?
(Score: 3, Informative) by GlennC on Tuesday April 21 2015, @02:18PM
The reason we are still dealing with this problem is that the blame can be easily and quickly shifted to Somebody Else.
Between the outsourcing, offshoring, contracting and going "to the cloud", no one group has their feet held to the fire for very long.
Conversely, no one group is holding Microsoft's feet to the fire, so the Caucus Race goes on.
Sorry folks...the world is bigger and more varied than you want it to be. Deal with it.
(Score: 4, Insightful) by Thexalon on Tuesday April 21 2015, @02:33PM
Also, most of those affected by the problem are completely unaware that the problem even exists. My experience so far in dealing with organizations in relation to security is that there are basically 2 security stances that most spend most of their time in:
(A) Meh, we don't need to worry about it. Everything's fine.
(B) OMG, we were just hacked! PANIC! Throw lots of money at the problem until it goes away!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.