Think you’re unlikely to get hacked, because you only use grown-up Web sites with serious security, and never open dubious emails with mysterious attachments? Think again: A new kind of security trap — an image format called GIFAR — will punish people who simply look at a picture on a Web site. Computerworld:
Here’s how an attack would work: A bad guy would create a profile on a popular Web site — Facebook, for example — and upload his GIFAR as an image on the site. Then he’d trick a victim into visiting a malicious Web site, which would tell the victim’s browser to go open the GIFAR. At that point, the applet would run in the browser, providing the hacker access to the victim’s Facebook account.
The attack could work on any site that allows users to upload files, potentially even on Web sites that are used to upload banking card photos or Amazon.com, they say.
So now you can get screwed just by looking at a photo? There’s only one hope — no one’s actually using this hack yet. As of today, it’s mostly theoretical: GIFAR has been created by a bunch of security experts, supposedly to show how insecure Web browsers are, and to question the computer industry’s move away from desktop software and toward Web apps.
But since the supposed vulnerability is going to get shown off during this week’s Black Hat conference, at a talk called “The Internet Is Broken”, if it works at all, it won’t stay theoretical for long. We may have to consider dumping our computers altogether and retreating to some kind of stick-based technology.
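A server-side check for the upload step in the scenario quoted above, as an added example that is not part of the original article or the researchers' own code. It relies on the publicly documented makeup of a GIFAR (a GIF image with a Java JAR, which is a ZIP archive, appended to it); the function names and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"   # ZIP central-directory file header
EOCD_LEN = 22              # fixed-size part of the EOCD record


def find_embedded_zip(data: bytes):
    """Return the offset of a plausible ZIP EOCD record, or None."""
    # Archive readers locate a ZIP/JAR from the end of the file, so a GIF in front is ignored.
    floor = max(0, len(data) - EOCD_LEN - 0xFFFF)  # EOCD comment <= 65535
    pos = data.rfind(EOCD_SIG, floor)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (cd_size,) = struct.unpack_from("<I", data, pos + 12)
            cd_start = pos - cd_size
            # A real archive has its central directory right before the EOCD.
            if cd_size >= 46 and cd_start >= 0 and data[cd_start:cd_start + 4] == CDIR_SIG:
                return pos
        pos = data.rfind(EOCD_SIG, floor, pos + 3)
    return None


def classify_upload(data: bytes) -> str:
    """Decide whether a file uploaded as a GIF should be stored."""
    if data[:6] not in GIF_MAGICS:
        return "reject: not a gif"
    if find_embedded_zip(data) is not None:
        return "reject: gif with embedded archive"
    return "accept: gif"


def constructed_samples():
    """Constructed test inputs: a 1x1 GIF, and the same GIF plus a tiny JAR."""
    gif = bytes.fromhex(
        "474946383961 01000100 800000 000000ffffff"
        "2c000000000100010000 0202440100 3b"
    )
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return gif, gif + jar.getvalue()


if __name__ == "__main__":
    print(*map(classify_upload, constructed_samples()), sep=" | ")
```

Re-encoding accepted images on the server before storing them also discards any bytes appended after the image data.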