| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4476F9E0.3080208@digitalmunition.com> Date: Fri May 26 13:58:25 2006 From: kf_lists at digitalmunition.com (KF (lists)) Subject: EXIF thumbnails - now with sourcecode You forgot the link.... http://no.spam.ee/~tonu/exif/ -KF Tonu Samuel wrote: >Maybe year ago this EXIF thumbnails security topic already was discussed in >security lists. Mail problem to me was lack of real world examples or any >kind of statistics of this problem. People who published this problem did not >shared source code used. There was many technically problematic things to >solve before anyone was able to repeat the experiment. > >I decided to write own software to find how how distributed this problem is >and get some statistics. I cannot tell you right numbers but approximately 1% >or less jpg images contains any exif thumbnails which in opinion of my >software have some difference from big image. I already excluded URLs >containing word "thumb" and many other possibly bad matches, so 1% is still >overestimated. >Most of this 1% is 90 degrees rotations, small crops and other not-so >important changes. Less than 1% of those 1% contain something sensitive. This >is question of definition. > >Well, I made some page where you can see what is already found and also you >can grab source code and try it yourself. Currently i found images on sites >of FBI and CIA and many other places. > > T?nu > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > > > > >
Powered by blists - more mailing lists