![]() The thumbnail vulnerability Murdoch found in 2004 was conceptually similar to aCropalypse from a data privacy standpoint but had very different technical underpinnings because of issues in application programming interface design. ![]() ![]() What is not checked is whether there is accidentally extra data stored.” You save an image, you can open the image, and then you’re done. “And I think the reason is because when software is written, it’s tested to make sure that the thing you expect is there. “This isn’t the first time I’ve seen this sort of vulnerability,” Murdoch says. Steven Murdoch, a professor of security engineering at University College London, notes that in 2004 he discovered a vulnerability in which an older version of an image was stored in the thumbnail data for the image even after it had been altered. The researchers point out, though, that this is not true of all platforms, including Discord.Īs a Discord user, Buchanan say he kept seeing people posting cropped screenshots, and it was really hard to not say anything before the vulnerability was publicly disclosed. Images posted to sites like these are not at risk,” Google spokesperson Ed Fernandez says in a statement. “As part of their existing compression process, apps and websites that recompress images, like Twitter, Instagram, or Facebook, delete extra data automatically from images uploaded.
0 Comments
Leave a Reply. |