Malicious Exploit Threatens Online Images13 May
A malicious exploit in online images? Not implausible, but definitely enough to raise some eyebrows. According to online publication Engadget, hackers discovered that they could run a code of their choosing on a server of their choosing. In particular, a web-based picture processing company called ImageMagick experienced the effects of this attack as simple exploits were found on their very servers. The hackers in question just had to upload a maliciously coded image and, so long as ImageMagick handled the infected image, presto! An otherwise unassuming and blindly trusted user upload just brought down a whole server (or more).
Obviously they found the issue prior to anything substantial happening to ImageMagick’s online presence – using the information provided by the researchers, the image processing security team is working on closing the security holes in question. In the meantime, the applications and SaaS products most vulnerable to such attacks beyond ImageMagick were contacted directly so that they might be able to fix the issues without raising any major concern amongst their user base. Initially discovered by security researcher Nikolay Ermishkin, an ImageMagick developer and researcher originally went live with the information only after it had been strewn about the Internet ahead of Ermishkin’s planned statement.
This really points to a matter of how much security is necessary on a peer-driven site for two reasons. One is that, on a peer-driven site, these users are expecting their profiles and uploaded data to be safe and secure, not susceptible to a malicious exploit like the one described. Two, companies cannot be open to potential cyber attacks (like the one listed above) no matter how much of their site is peer-driven. Monitor and increase security, and keep it ironclad – at the end of the day it won’t take away from the user experience and your users will feel confident interacting within its confines.