John Connor
Lifer
http://www.theregister.co.uk/2014/02/05/iframe_attack_injects_code_via_pngs/
Good thing I use NoScript for Firefox.
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
iFrame attack injects code via PNGs
- Thread starter John Connor
- Start date
http://www.theregister.co.uk/2014/02/05/iframe_attack_injects_code_via_pngs/
Good thing I use NoScript for Firefox.
[EDIT: after looking at the original link inside the link lol.. correct me if i interpereted this wrong, those types of embeded scripts need you to open the PNG in a webbrowser to have there desired affect?, and it appears this could apply to any image format its just happened to be a PNG the original blogger was refering to in his senario ]
strange, I just received a spam messege in one of my gmail accounts with an attached .png ,of course i did not open the image .. however..
.. stranger still, i almost never receive spam, tho there could be tones of spam In gmails /spam directory, I never know because i never use anything to access it just an email client through pop
.. stranger yet, this account that the spam showed up on, is not old and I had Not emailed anyone with it. my first assumption would be that they got the gmail accn address by seeing which new accn names failed due to it already being taken?
the email name i used was short with just letters. wasn't going to be used for anything important thats why i made it memorable. all my other accn names arn't as short and not as memorable, and did not recieve any such spam in the inbox.
I recieved 2 messages, first one was strange in the fact that the spammer had apparently went to lengths to try and message my account with an email account domain generally used in the country of origin which they thought i was from due to the email name... along with country of origin references due to where they thought i was.. They would of been correct assuming by name only but were Way Off lol. The 2nd message was dated 2days later from a random domain... very spammy looking no message etc just a general title trying to make someone think the attached PNG was a file for a claim.
what about JPG, GIF, etc... does this mean most such image formats will be compromised if not already? or are such exploits limited to PNG at the moment for whatever reasons?
i would of switched from gmail already, just havn't figured out yet if theres an actual practical free alternative.. as in one free provider being just as useless as another free provider, so if using a free provider no point in switching to another free provider?
strange, I just received a spam messege in one of my gmail accounts with an attached .png ,of course i did not open the image .. however..
.. stranger still, i almost never receive spam, tho there could be tones of spam In gmails /spam directory, I never know because i never use anything to access it just an email client through pop
.. stranger yet, this account that the spam showed up on, is not old and I had Not emailed anyone with it. my first assumption would be that they got the gmail accn address by seeing which new accn names failed due to it already being taken?
the email name i used was short with just letters. wasn't going to be used for anything important thats why i made it memorable. all my other accn names arn't as short and not as memorable, and did not recieve any such spam in the inbox.
I recieved 2 messages, first one was strange in the fact that the spammer had apparently went to lengths to try and message my account with an email account domain generally used in the country of origin which they thought i was from due to the email name... along with country of origin references due to where they thought i was.. They would of been correct assuming by name only but were Way Off lol. The 2nd message was dated 2days later from a random domain... very spammy looking no message etc just a general title trying to make someone think the attached PNG was a file for a claim.
what about JPG, GIF, etc... does this mean most such image formats will be compromised if not already? or are such exploits limited to PNG at the moment for whatever reasons?
i would of switched from gmail already, just havn't figured out yet if theres an actual practical free alternative.. as in one free provider being just as useless as another free provider, so if using a free provider no point in switching to another free provider?
Last edited:
thanks for mentioning firefox. ive been using chrome up until now and just downloaded firefox along with noscript and adblockplus. how do you normally use noscript? What I mean is do you only whitelist a few websites, temporarily allow scripts on ones you deem trustworthy (and how do you deem a website trustworthy), etc?
I am trying to listen to podcasts on this site:
http://radiomisterioso.com/
and the only way the podcasts load is if i temporarily allow the scripts
Basically, what scripts are safe and required to run to view podcasts and video
I am trying to listen to podcasts on this site:
http://radiomisterioso.com/
and the only way the podcasts load is if i temporarily allow the scripts
Basically, what scripts are safe and required to run to view podcasts and video
Last edited:
lxskllr
No Lifer
I have very few sites whitelisted, and have many blacklisted, I do my blacklist slowly as the mood strikes me. That adds more work to the browsing experience, but it's safer, and overall makes the web faster and less irritating.
For your link specifically, I don't have to allow anything aside from clicking on the web player when it launches. I do have Youtube whitelisted which is one of the few sites I have that is.
Red Squirrel
No Lifer
That's scary. I wonder if Linux is affected by this too. Though I guess the malicious code would probably be more likely to be targeted to Windows. File paths and such would be affecting files in C:\%windows%\ or what not. Perhaps replacing DLLs with malicious ones, or whatever it is these type of things tend to do.
John Connor
Lifer
Go into the options and allow base 2nd level by default to lessen the cumbersomeness. If you run into a heavenly scripted site you can temporally allow the whole page or just scrips that have to do with the video, etc.
razel
Platinum Member
I'm a web developer, it took me awhile to figure out their obfuscation, but good lord, after reading the original blog, it's all about the next to last paragraph which leads you to a service they are selling:
"As is often the case, some creative sleuthing and troubleshooting allowed us to spend the time required to find this lovely little gem. Do we detect it now via our Website Malware Scanner? Absolutely!!!"
The so called iframe exploit is nothing new or dangerous. They are just trying to emphasize that their service is special from others... advertising.
Another reason why journalism these days is become advertising for companies. The person who wrote the article for the register doesn't really know what's going on. Good thing Anandtech is doing a great job of 'walking the line.' If your product does something bad or isn't very good, it may not be stated in the review, but if you read carefully, the data spells it out to you.
"As is often the case, some creative sleuthing and troubleshooting allowed us to spend the time required to find this lovely little gem. Do we detect it now via our Website Malware Scanner? Absolutely!!!"
The so called iframe exploit is nothing new or dangerous. They are just trying to emphasize that their service is special from others... advertising.
Another reason why journalism these days is become advertising for companies. The person who wrote the article for the register doesn't really know what's going on. Good thing Anandtech is doing a great job of 'walking the line.' If your product does something bad or isn't very good, it may not be stated in the review, but if you read carefully, the data spells it out to you.
Last edited:
John Connor
Lifer
URL not found.
razel
Platinum Member
You missed the point... I did not want to link to their product, so I just changed it. Did you see what I changed it to?
You can get the link yourself in your original post. You surely can't be that lazy that you don't thoroughly read the article in your own post? 🙂
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
