El Reg reports
Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.
In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.
A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.
This is by no means a new attack vector.
Why are we still dealing with this over ten years later?
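An upload-side check for the two things the summary describes, a name like image.jpg.aspx and active content in the JPEG's attributes, as an added example that is not code from the article or from Murray's demo. The extension lists, marker strings and function names are assumptions chosen for illustration, and the sample file is constructed.

```python
import secrets
import struct

ALLOWED_EXT = {"jpg", "jpeg"}  # assumed policy for a photo portal
ACTIVE_EXT = {"aspx", "asp", "ashx", "asmx", "cshtml", "config"}  # handler-mapped
SCRIPT_MARKERS = (b"<%", b"<script", b"runat=")  # heuristic, ASCII only

def metadata_segments(data):
    """Yield (marker, payload) for each JPEG segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no scan data found")

def check_upload(filename, data):
    """Return (accepted, reason, stored_name); the stored name is server-generated."""
    # Drop client paths and the trailing dots/spaces that Windows ignores.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXT:
        return False, "final extension is not an allowed image type", None
    if ACTIVE_EXT & set(parts[1:]):
        return False, "handler-mapped extension inside name", None
    try:
        for marker, payload in metadata_segments(data):
            # APP0-APP15 (0xE0-0xEF) and COM (0xFE) hold EXIF and comment attributes.
            is_meta = 0xE0 <= marker <= 0xEF or marker == 0xFE
            if is_meta and any(m in payload.lower() for m in SCRIPT_MARKERS):
                return False, "script marker in JPEG metadata", None
    except ValueError as exc:
        return False, f"not a well-formed JPEG: {exc}", None
    return True, "ok", secrets.token_hex(16) + ".jpg"

def make_jpeg(comment):
    """Constructed sample: SOI, one COM segment, then an empty SOS header."""
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + com + b"\xff\xda\x00\x02"
```

The marker scan is a heuristic; the controls that carry the weight are the server-generated name and an upload directory that has no script handler mapping.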
(Score: 4, Interesting) by gnuman on Tuesday April 21 2015, @05:02PM
Maybe my POV comes from doing construction work most of my life, but I try to keep always in mind that a good foundation is essential to building a good building that serves well for ages.
Right. And when you ask almost all residential construction workers (and "foundation experts"), they'll tell you that all foundations crack within a decade and that the basement floor cracks after a year too. And both are solved problems but are deliberately sabotaged by the construction companies and building codes so they save $1-5k in rebar. They also tell you that "all basements are damp" - another complete bullshit, but hey, it saves you a day of work to waterproof the construction (and move the dewpoint to the outside wall, not the inner wall). Anyway ...
(Score: 4, Interesting) by Runaway1956 on Wednesday April 22 2015, @12:09AM
Yes, and no. Buildings settle. Foundations shift. Crap happens. But, the problem isn't the rebar. The problem, if any, is created BEFORE the rebar is tied, the concrete is poured, or any later stage of construction. It's the GROUNDWORK!
Dig down to bedrock. If that is not possible, drill piers down to bedrock, ensuring that those piers are large and strong enough to support the entire structure. Any job I did for the state of Texas required that the ground be dug out at least three feet below the foundation, then backfilled. That backfill must be compacted to at least 95%. Travel the highways in Texas, and you'll notice roadbeds being dug out, filled, dug again and filled, and dug yet again and filled. The inspectors weren't satisfied with the compaction, so the construction company does it over and over until the inspectors are happy.
I don't mean to minimize the importance of the rebar, but the groundwork has to be done right, or everything else is wasted.
You don't see many residential home builders doing that kind of groundwork ahead of construction. It's more common to see idiots dumping sand into the low spots to make the entire floor level with the high spots on the ground, and instead of a real foundation, pouring what I would call a "heavyup" around the edges. And, you're left with porous soil under your home, which moves with the seasons.