Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Tuesday April 21 2015, @02:03PM   Printer-friendly
from the a-pictures-worth-a-thousand-lines-of-malware dept.

El Reg reports

Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.

In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.

A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.
video

This is by no means a new attack vector.

Why are we still dealing with this over ten years later?

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by gishzida on Tuesday April 21 2015, @08:02PM

    by gishzida (2870) on Tuesday April 21 2015, @08:02PM (#173647) Journal

    Let's see...

    What kind of idiot takes a server that sits in a DMZ and attaches it to a domain controller? A MS Admin because they are not trained that "Internet facing" servers are a danger to their local network and should be isolated... and besides Management won't sit still for adding additional security costs. Better yet just outsource the whole thing, authentication and all...

    What kind of security admin allows that? One that is so busy attending to other things (certification classes, hacker conventions, and soothing poor over worked management) that they never actually do any kind of security work. Oh wait it's too expensive to have a dedicated security admin... Outsource that position...

    What kind of IT management or company management allows it? The one that can ignore the danger, work to keep costs down to increase the chance of a higher salary, and then blame and fire the lowly admins when the systems are over run by "black hats" [which might be everything from a script kiddy to their own government].

    It was once said [circa 1995/6] that NT 3.51 workstation or server was secure so long as you didn't plug it into a network switch.... Windows [and management] has not changed all that much.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   2