Collaborate Disseminate
I received a message from a friend with a link. I never clicked it, but the thumbnail image shown pretended to be an image preview for a YouTube video. Some of her other friends clicked it and it took them to a fake Facebook page where it … Continue reading Are preview thumbnails for links a risk?
There are many ways to update an embedded system in the field. Images can fly through the air one a time, travel by sneaker or hitch a ride on other passing data. OK, maybe that’s a stretch, but there are certainly a plethora of ways to get those sweet update …read more
Do commercial AV suites examine image files (pictures) for potential malware that might be imbedded via steganography? Is this a concern for most?
I deal with a lot of imagery data and am wondering what the risk of exposure is.
Is this a good idea to make the following text message encryption:
accept text from the user 1
store the text into a document in the form of some handwritten font
convert the document into an image
apply noise to the image
encrypt the ima… Continue reading Encrypt Text Message as Image
Performing over-the-air updates of devices in the field can be a tricky business. Reliability and recovery is of course key, but even getting the right bits to the right storage sectors can be a challenge. Recently I’ve been working on a project which called for the design of a new …read more
A JSON response in the API of a webapp is returning the base64 of a user-uploaded image, and there’s no X-Content-Type-Options Header to prevent MIME sniffing.
Could this be a potential vulnerability such as an XSS for the webapp by using … Continue reading Potential vulnerability in JSON response returning base 64 encoded image data, with the response being vulnerable to MIME sniffing
I am currently studying regarding SSRF. I noticed that an injection vector where SSRF might be present is always parameters that is related to url (Importing image using URL, others). I have encountered a couple of endpoints where request … Continue reading SSRF Through Image Url
For example, if someone uploads a malicious image on website like Instagram or Facebook, and then hundreds of people viewed this image, wouldn’t that be an easy way to infect the devices of hundreds or thousands of people? If so, why do pe… Continue reading If malware can be attached to an image file, then why aren’t images a common attack vector?
Schlieren imaging is a technique for viewing the density of transparent fluids using a camera and some clever optical setups. Density of a fluid like air might change based on the composition of the air itself with various gasses, or it may vary as a result of a sound or …read more
Background
Per the project website, wkhtmltopdf is a "command line tool to render HTML into PDF using the Qt WebKit rendering engine. It runs entirely "headless" and does not require a display or display service."
The w… Continue reading How can wkhtmltopdf be used without introducing a security vulnerability?