Security Breach Using Avatars? | WordPress.org

gatorgse
(@gatorgse)

15 years, 8 months ago

I read this on Slashdot, and was wondering if this is a problem with WordPress themes that allow avatars with comments. If they use their own, would this come into play? Any thoughts?

“InfoWorld reports on a new potential ploy for stealing Web user’s private information: Researcher has found that by placing a new type of hybrid file on Web sites that let users upload their own images, they can circumvent security systems and take over Web surfers’ accounts. ‘They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.'”

I also posted this in Themes and templates.

The topic ‘Security Breach Using Avatars?’ is closed to new replies.

Tags

avatars

In: Fixing WordPress
0 replies
1 participant
Last reply from: gatorgse
Last activity: 15 years, 8 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics