Hacker News new | past | comments | ask | show | jobs | submit login

I think this has some interesting applications in spearphishing etc:

You know the Bob Boss uses IE so you send a link to a "specially crafted" web page that uses an image like this to show the boss a completely smart solution (place high value object in this location inside vault) and ask him if it is OK. Now just get Bob to forward the link to the web page to Alise who uses some other, known web browser and she sees a map with a location outside the vault.

Just a thought: for now if you own the server anyway you can just do browser sniffing and send two completely different images..




It would be interesting to try the same attack via email attachments, i.e. get Bob to check an image with a contract, then forward it to Alice saying 'this is approved' but the wording of her contract is different to the one he read.


I don't understand the map part.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: