El Reg reports:
Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.
In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.
A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.
This is by no means a new attack vector.
Why are we still dealing with this over ten years later?
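An upload check for the kind of portal the article describes, written as an added example; it is not code from the article or from Murray's demo. It rejects names such as image.jpg.aspx and walks the JPEG metadata segments looking for server-side script markers. The function names, the marker list and the JPEG-only policy are assumptions.

```python
import re
import struct

ALLOWED_EXT = {"jpg", "jpeg"}  # assumption: the portal accepts JPEG only
# Assumed, non-exhaustive markers of server-side script inside metadata text.
ACTIVE = re.compile(rb"<%|<\?php|<script|runat\s*=", re.I)
NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")  # exactly one dot

def metadata_segments(data):
    """Yield (marker, payload) for each segment before the scan data (SOS)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no SOS segment")

def check_upload(filename, data):
    """Return reasons to reject the upload; an empty list means accept."""
    reasons = []
    m = NAME.fullmatch(filename)
    if not m:
        reasons.append("name is not one stem plus one extension")
    elif m.group(1).lower() not in ALLOWED_EXT:
        reasons.append("extension not allowed")
    try:
        for marker, payload in metadata_segments(data):
            # APP0-APP15 and COM carry EXIF, XMP and comment text.
            is_meta = 0xE0 <= marker <= 0xEF or marker == 0xFE
            if is_meta and ACTIVE.search(payload):
                reasons.append("active content in segment 0x%02X" % marker)
    except ValueError as exc:
        reasons.append("malformed JPEG: %s" % exc)
    return reasons

def build_jpeg(comment):
    """Constructed sample: SOI, one COM segment, empty SOS header, EOI."""
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + com + b"\xff\xda\x00\x02\xff\xd9"
```

A marker scan is a filter and can be evaded; storing uploads under a server-generated name in a directory where nothing is executed is the stronger control.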
(Score: 2) by VLM on Tuesday April 21 2015, @03:11PM
The problem with bugs like this is a simple software patch doesn't fit the culturally dominant security theater model.
How can we strip search people or walk them thru a scanner or racial profile them or trade lucrative contracts for election contributions if the problem is something in software? If the only good security is offensive and obnoxious security (which means anything offensive or obnoxious is also good security) then a simple patch isn't good security unless it's delivered by a SWAT team or the discovering researcher is jailed or something.
We can fix "sneaking an ounce of liquid onto an airplane" or "racial profile suspected terrorists" but the biz model doesn't know how to handle "write software that isn't crap" or "try code review" or "issue a patch".
(Score: 0) by Anonymous Coward on Tuesday April 21 2015, @05:08PM
So we need a dude in a tac vest and a gun with a black usb drive :)