
How Hackers Are Hiding Content and Links via PNG Files - squiggy22
http://www.thesempost.com/hackers-hiding-content-links-png-files/
======
herodotus
I wonder how many file formats are subject to injection attacks? You could
embed the entire universe in PDF, for example, and it would not change the
file’s visual appearance at all.

~~~
cgb223
> The entire universe

Might affect the file size a little bit though...

~~~
IntronExon
And watch out with compression, or it may collapse into a black hole.

------
peterburkimsher
I'm interested in encoding data into image files.

The Cemetech TI-84+ calculator emulator uses image files to load the ROM from
a phone.

[https://www.cemetech.net/projects/jstified/](https://www.cemetech.net/projects/jstified/)

I couldn't load the ROM for some reason, until I synced the photo to my iPhone
via iTunes over USB.

The image gets recompressed when doing a "Save to Camera Roll" or uploading to
Facebook.

I did some more investigation with a checkerboard pattern, and was shocked at
how quickly the image data was lost.

If there's a way to have error-correcting codes to recover data from an image,
please let me know!

(the application for this is to load 9.9 MB of lyrics data into LocalStorage
so a user can search songs with Pingtype, and I wouldn't need to host it on my
own server where the lyrics are vulnerable to DMCA takedowns)

------
fenwick67
Is this a typical Wordpress attack goal? To just get more links and improve
your Google PageRank?

What a world.

~~~
abandonliberty
Yes. I've also seen attempts to steal data.

Must pay well.

------
stephen82
I have shared my story in the article's comments how a virus affected our
hosting company's server and had to move us on a newer one.

All of this from inside a .ico file...complete madness!

------
GrumpyNl
Ahhh, the good old days, inject javascript in gifs and see it run.

------
_pdp_
There are many non-printable characters that can be used to hide whatever you
want in plain sight.

