SoylentNews is people

posted by CoolHand on Tuesday April 21 2015, @02:03PM
from the a-pictures-worth-a-thousand-lines-of-malware dept.

El Reg reports

Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.

In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.

A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.

This is by no means a new attack vector.

Why are we still dealing with this over ten years later?

 
  • (Score: 0, Insightful) by Anonymous Coward on Tuesday April 21 2015, @03:48PM

    by Anonymous Coward on Tuesday April 21 2015, @03:48PM (#173561)
    To be fair: Linux fanboys see vulnerabilities like this as an example of how great OSS is. They've been grading MS on a curve all this time.
  • (Score: 5, Insightful) by Grishnakh on Tuesday April 21 2015, @05:10PM

    by Grishnakh (2831) on Tuesday April 21 2015, @05:10PM (#173585)

    No, it is an example of how great OSS is. Every single time some vulnerability like this is discovered in OSS, it's fixed quickly (sometimes within hours), and a patch is issued immediately. No, OSS isn't perfect, and has vulnerabilities too, but when they're found, they're immediately fixed. The same simply can't be said for proprietary software. There, the companies even want to restrict people from disclosing these vulnerabilities publicly, and if they could, they'd make it illegal to EVER disclose them, because they really don't care to fix them since that affects their bottom line. This simply doesn't exist in OSS, where the creators of the software actually take pride in their work and want to fix it when problems are found.

    How else do you explain a vulnerability in Windows going for 10 years without a fix?

    • (Score: 2) by nukkel on Tuesday April 21 2015, @06:27PM

      by nukkel (168) on Tuesday April 21 2015, @06:27PM (#173614)

      How else do you explain a vulnerability in Windows going for 10 years without a fix?

      It got promoted to 'feature'?

      • (Score: 3, Interesting) by panachocala on Tuesday April 21 2015, @08:06PM

        by panachocala (464) on Tuesday April 21 2015, @08:06PM (#173649)

        Because of cooperation with NSA which was using it to infect Iranian centrifuges, etc.

    • (Score: 2) by FatPhil on Tuesday April 21 2015, @08:43PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday April 21 2015, @08:43PM (#173665) Homepage
      It's not necessarily the same bug? The same kind of wrongthink (let's execute data from an untrusted source!) can just as easily be added two or more times as it can once.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves