The hunt is on for file format bugs - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: May 17th, 2013

Linux Security Week: May 13th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

The hunt is on for file format bugs

User Rating:

How can I rate this item?

Source: CNET News - Posted by Pax Dickinson

New tools could help bug hunters find vulnerabilities in popular file formats, such as the JPEG and GIF image formats. Flaws in how applications handle those file formats are drawing interest among security researchers, according to speakers at the Black Hat security conference here.

Some of those bugs can be serious: A victim's PC could be hijacked by simply viewing an image on a Web site or in an e-mail. Microsoft issued three "critical" security bulletins earlier this month, two related to file format flaws.

There could be a significant increase in the discovery of such flaws. iDefense, a security intelligence company, is making available tools that let researchers automate the discovery of file format vulnerabilities. The company released the tools Thursday in conjunction with Black Hat.

"I really do think this is a low-hanging-fruit area for vulnerabilities," Michael Sutton, a lab director at iDefense, said in a presentation at Black Hat. iDefense itself has found several file format flaws. "We really did not work hard to find the vulnerabilities. We did work hard on the tools."

Read this full article at CNET News