[govsec] Morris Worm and a Change in Direction
security curmudgeon
jericho at attrition.org
Sat Nov 6 14:24:43 EST 2004
: Translating content into what should be equivalent content in
: another form is used. Some of the problems recently seen with image
: formats containg exploits just shows that there are few safe data
: formats.
It isn't just that the format isn't secure that we need to worry
about. You propose that a system be implemented to scan and convert
between MIME/file types. Historically, these implementations are just as
insecure as anything else. How many vulnerabilities are there related to
e-mail scanning systems (virus, content, etc)?
: jpeg <-> gif <-> jpeg as an example could be done at the gateway to
: clean up images and remove steganography. Likewise mp3 <-> wma <-> mp3
: could be used do the same.
This still poses a risk. Instead of a gif or jpg being used to execute
arbitrary code when rendered in a browser, it could just as well be
designed to execute when processed by the engine that converts.
More information about the govsec
mailing list