More on GIFARS and Other Dangerous Attacks

This is a continuation from my previous post. The reasons why GIFARs, although in my case it was JPGAR (from JPG + JAR), work was explained to me by FX (Recurity Labs) after my talk during the last Black Hat in Amsterdam.

Basically, when you combine GIF/JPG and JAR/ZIP you have a hybrid file which have two heads. The head of GIF/JPG file is at the top. The head of the JAR/ZIP file is at the bottom. [...]

more | comments | comments rss | posted by

GIFARs and Other Issues

A lot of people have asked me (especially reporters) about the GIFAR attack since it resembles what I have already spoken about here and presented at the last Black Hat in Amsterdam. So, I decided to shed some light without being too revealing as the talk, which will demonstrate and explains the attack in more details, will give away the awesome stuff.

So yes, the whole notion of combining JAR files with other types of files is not new. [...]

more | comments | comments rss | posted by