Re: EXIF thumbnails - now with sourcecode

["KF (lists)" <kf_lists () digitalmunition com>]

You forgot the link....

http://no.spam.ee/~tonu/exif/

-KF


Tonu Samuel wrote:

> Maybe year ago this EXIF thumbnails security topic already was discussed in 
> security lists. Mail problem to me was lack of real world examples or any 
> kind of statistics of this problem. People who published this problem did not 
> shared source code used. There was many technically problematic things to 
> solve before anyone was able to repeat the experiment.
>
> I decided to write own software to find how how distributed this problem is 
> and get some statistics. I cannot tell you right numbers but approximately 1% 
> or less jpg images contains any exif thumbnails which in opinion of my 
> software have some difference from big image. I already excluded URLs 
> containing word "thumb" and many other possibly bad matches, so 1% is still 
> overestimated. 
> Most of this 1% is 90 degrees rotations, small crops and other not-so 
> important changes. Less than 1% of those 1% contain something sensitive. This 
> is question of definition.
>
> Well, I made some page where you can see what is already found and also you 
> can grab source code and try it yourself. Currently i found images on sites 
> of FBI and CIA and many other places. 
>
>   Tõnu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/