August 2009
Beginner
298 pages
9h 5m
English
Content preview from Hacking: The Next Generation
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Advanced Content Ownership Using GIFARs
In this section, we will tell you the story of a simple steganography trick that led to the discovery of a devastating new attack vector. Today’s sophisticated attackers are likely to exploit such tricks to steal content and execute transactions from vulnerable applications that may reside behind an organization’s perimeter.
In January 2007, Lifehacker.com posted a description of how users could hide ZIP files within image files. You can find the post at http://lifehacker.com/software/privacy/geek-to-live--hide-data-in-files-with-easy-steganography-tools-230915.php.
This “stego trick” worked because image-rendering software reads files from the “top” (header) down, consuming data that represents the GIF format and ignoring data that makes up the compressed ZIP file. Tools that work with ZIP files, on the other hand, typically begin reading files from the “tail” (footer) up, and ignore the data that makes up the GIF image. Attackers quickly realized that because JAR files are also based on the ZIP format, they could use this trick to hide JAR files in GIFs, and thus the GIFAR was born.
The combination of a GIF and a JAR file creates a GIFAR. Figure 2-14 shows a simple representation of a file that is both a GIF image and a JAR file.
Figure 2-14. A GIFAR
An examination of the file in a hex editor shows the header of a GIF file and the footer containing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.