Security Week 12: Twitter Steganography

Storing data in formats not originally designed for it is a frequent topic in information security. As a rule, steganography is used to transmit information covertly: for example, an infected system contacts its C&C server and transfers seemingly harmless images.

Last week the white-hat camp produced another exercise on this topic: researcher David Buchanan found a way to share files via pictures on Twitter (news, GitHub page with description and code).

There is no vulnerability here: you can insert data into a PNG image in different ways, and in this case you don’t even need a special tool for decoding. It is enough to rename the .png file to .zip and unpack the data from the resulting archive.

The author of the trick found a quirk in Twitter's image processing: it strips some of the redundant data from the file but leaves untouched one area of the IDAT data, which is where the extra information is hidden. The method has limitations: if the final file is larger than 3 MB, Twitter converts the image to JPEG. A demonstration of the method is available on the author's Twitter, and the image from there is shown above: the trick also works on Habr (at the time of publication). The ZIP archive hidden inside the image contains Python code that lets you hide arbitrary data in PNGs.
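The hiding place described above can be checked from the defender's side. This added example (not Buchanan's code and not part of the original article) walks the PNG chunks, inflates the concatenated IDAT data and reports any bytes left over once the zlib stream has ended. It assumes the surplus sits after the end of the zlib stream inside IDAT; the function names and the 1x1 sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature

def iter_chunks(png: bytes):
    """Yield (type, payload) for each PNG chunk up to IEND, verifying CRCs."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("truncated chunk at offset %d" % pos)
        body = png[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", png[end - 4:end])[0]:
            raise ValueError("bad CRC in chunk at offset %d" % pos)
        yield ctype, body
        if ctype == b"IEND":
            return
        pos = end

def idat_surplus(png: bytes) -> dict:
    """Report bytes that remain in IDAT after the zlib stream has ended."""
    idat = b"".join(body for ctype, body in iter_chunks(png) if ctype == b"IDAT")
    inflater = zlib.decompressobj()
    inflater.decompress(idat)       # pixel data itself is not needed here
    extra = inflater.unused_data    # whatever follows the end of the stream
    return {"surplus_bytes": len(extra), "zip_marker": ZIP_EOCD in extra}

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def sample_png(trailer: bytes = b"") -> bytes:
    """Constructed 1x1 grayscale PNG; `trailer` follows the zlib stream."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    pixels = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", pixels + trailer) + _chunk(b"IEND", b""))

if __name__ == "__main__":
    print(idat_surplus(sample_png()))                        # clean image
    print(idat_surplus(sample_png(ZIP_EOCD + bytes(18))))    # constructed trailer
```

An ordinary encoder leaves nothing after the zlib stream, so a non-zero `surplus_bytes` on an uploaded image is worth a closer look, and `zip_marker` narrows it to the rename-to-.zip case the article describes.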

One more demonstration, with a heavier file: David could not resist and fit a “rickroll” into a single picture. Besides Twitter and Habr, a similar method works on the Imgur image host and in a GitHub repository, but does not work, for example, on Reddit.

What else happened:

Big news of the week: previously disclosed vulnerabilities in the high-performance network devices F5 BIG-IP and BIG-IQ are being actively exploited, and an exploit that bypasses authentication is publicly available.

The assessment of damage from the vulnerabilities in Microsoft Exchange Server continues, including outside the United States. The Belgian Cyber Response Center reports 400 affected (read: hacked) mail servers. Microsoft has published detailed recommendations for system administrators on how to “cure” attacked servers. A set of regular updates for Exchange Server has also been released, including one that fixes problems that may arise after the “emergency patch”.

Another Microsoft patch is meant to resolve all the printing problems in Windows 10 caused by faulty updates released earlier.

Computer manufacturer Acer was allegedly hit by a successful ransomware attack. According to BleepingComputer, the attackers are demanding $50 million from the company.

Facebook has assembled its own team of information security researchers, an analogue of Google Project Zero and other projects.

Research by Kaspersky Lab experts: an analysis of adware for macOS with Rust code, and a breakdown of malicious code that supports the Apple M1 architecture.

A vulnerability was found in the WordPress plugin TutorLMS, threatening data theft and privilege escalation.

Netflix is introducing a rule under which simultaneous use of an account in different locations must be confirmed by the owner. The streaming service is fighting not so much ordinary users who share passwords with friends as the black market in accounts.
