Researchers at NGS Software found a new type of hybrid file that looks like different things to different programs. NGS Software’s John Heasman says the GIFAR is a Java applet in the form of an image. The name GIFAR is a contraction of GIF (graphics interchange format) and JAR (Java Archive).
To a Web server, and to the upload filter that checks the file, it looks exactly like a GIF; but the browser's Java virtual machine opens the same file as a JAR and runs it as an applet. Because the applet is then served from the site's own domain, the browser treats it as though the site's developers had written it, so the attacker's Java code runs in the victim's browser with that site's privileges. The attack could work on any site that allows users to upload files, potentially even on Web sites used to upload banking card photos, or on Amazon.com.
The GIFAR attack can be countered in two places: a Web site can improve its upload filtering so that it detects hybrid files, and Sun could tighten the Java runtime environment to prevent this from happening.[1]
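The reason a GIFAR passes an image check is structural: a GIF reader parses from the start of the file and stops at the trailer byte, while a ZIP (and therefore JAR) reader locates the archive from the end-of-central-directory record at the end of the file and ignores whatever precedes it. A filter that only looks at the header therefore sees a GIF, and the JVM sees a JAR. The following added example (not code from NGS Software or from the Black Hat material) builds such a hybrid from a constructed 1x1 GIF and a placeholder "class" entry, then applies the two checks a server-side filter would want: whether the GIF structure accounts for every byte of the file, and whether a ZIP end-of-central-directory record is present. The entry names and the class bytes are constructed placeholders, not a real applet.

```python
import io
import zipfile
from typing import Optional

# Constructed 1x1 transparent GIF89a (header, global colour table,
# graphic control extension, image descriptor, LZW data, trailer 0x3B).
GIF_1X1 = (
    b"GIF89a" + b"\x01\x00\x01\x00" + b"\x80\x00\x00"      # header + screen descriptor
    + b"\x00\x00\x00\xff\xff\xff"                        # 2-entry global colour table
    + b"\x21\xf9\x04\x01\x00\x00\x00\x00"                # graphic control extension
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"        # image descriptor
    + b"\x02\x02\x44\x01\x00"                            # LZW min code size + data
    + b"\x3b"                                            # trailer
)

# Placeholder JAR contents: the class bytes are only the Java class magic,
# not a compiled applet (constructed for the example).
SAMPLE_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "Applet.class": b"\xca\xfe\xba\xbe",
}


def build_gifar(gif: bytes, entries: dict) -> bytes:
    """Append a freshly written JAR (a ZIP) to a GIF. The ZIP's central
    directory is found from the end of the file, so the leading GIF bytes
    do not stop a ZIP reader from opening it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return gif + buf.getvalue()


def gif_end_offset(data: bytes) -> int:
    """Walk the GIF block structure and return the offset just past the
    trailer. Raises ValueError/IndexError on malformed or truncated input."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    pos = 13                                   # header (6) + screen descriptor (7)
    packed = data[10]
    if packed & 0x80:                          # global colour table present
        pos += 3 * (2 ** ((packed & 0x07) + 1))

    def skip_subblocks(p: int) -> int:
        # Data sub-blocks: <len><bytes>... ending with a zero-length block.
        while True:
            n = data[p]
            p += 1
            if n == 0:
                return p
            p += n

    while True:
        tag = data[pos]
        pos += 1
        if tag == 0x3B:                        # trailer: end of image
            return pos
        if tag == 0x21:                        # extension: label, then sub-blocks
            pos = skip_subblocks(pos + 1)
        elif tag == 0x2C:                      # image descriptor: 9 bytes after tag
            packed = data[pos + 8]
            pos += 9
            if packed & 0x80:                  # local colour table
                pos += 3 * (2 ** ((packed & 0x07) + 1))
            pos += 1                           # LZW minimum code size
            pos = skip_subblocks(pos)
        else:
            raise ValueError("unexpected GIF block tag 0x%02x" % tag)


def find_zip_eocd(data: bytes) -> Optional[int]:
    """Offset of a ZIP end-of-central-directory signature, searched only in
    the region where a ZIP reader would look (last 22 + 65535 bytes)."""
    tail_start = max(0, len(data) - (22 + 0xFFFF))
    idx = data.rfind(b"PK\x05\x06", tail_start)
    return None if idx < 0 else idx


def analyse_upload(data: bytes) -> dict:
    """Report what each kind of parser would make of the upload."""
    report = {"gif": False, "trailing_bytes": None, "zip_eocd": None, "zip_entries": []}
    try:
        end = gif_end_offset(data)
        report["gif"] = True
        report["trailing_bytes"] = len(data) - end   # bytes no GIF parser consumes
    except (IndexError, ValueError):
        pass
    eocd = find_zip_eocd(data)
    if eocd is not None and zipfile.is_zipfile(io.BytesIO(data)):
        report["zip_eocd"] = eocd
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            report["zip_entries"] = z.namelist()
    return report


def is_gifar(data: bytes) -> bool:
    """True when the file parses as a GIF and also opens as a ZIP/JAR."""
    r = analyse_upload(data)
    return r["gif"] and bool(r["zip_entries"])


SAMPLE_GIFAR = build_gifar(GIF_1X1, SAMPLE_ENTRIES)

if __name__ == "__main__":
    print("clean gif :", analyse_upload(GIF_1X1))
    print("gifar     :", analyse_upload(SAMPLE_GIFAR))
```

Either signal on its own is enough to reject an upload: a valid GIF should have no bytes after its trailer, and an image should never contain a ZIP end-of-central-directory record. Re-encoding uploaded images with an image library also destroys the appended archive, because the encoder writes only the pixel data it decoded.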
The research will be presented at the Black Hat computer security conference in Las Vegas.
Reference
[1] Robert McMillan (2008). A photo that can steal your online credentials. IDG News Service.