Simple exploits use images to attack websites

Would-be hackers don’t always have to jump through hoops to bring down a website. Researchers have discovered relatively simple exploits in ImageMagick, a common package for processing pictures on the web, that let attackers run any code they like on a targeted server. If someone uploads a maliciously coded image and ImageMagick handles it, they could theoretically compromise both the site and anyone who visits it. That’s particularly dangerous for forums and social networks, where user uploads are par for the course — a vengeful member could wreck the site for everyone.

Thankfully, there are fixes. The ImageMagick team is closing the security holes within the next few days, and it’s possible to thwart at least some attacks by either verifying the integrity of images or using a policy file to disable the susceptible features. The concerns are that these safeguards won’t cover everything, or that website owners won’t rush to shore up their defenses. It could be a while before you can assume that your favorite social sites are protected.

source: by Jon Fingas

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: