There was an interesting post to the OCAL mailing list about the possibility of embedding malware in an SVG file, and how was it being dealt with. The answer is that it isn’t currently but clearly it needs to be. One of the most interesting aspects is that it can be time sensitive. e.g. A perfectly good piece of clipart could become an advert after it’s been displayed for 5 minutes. This means that the problem does not involve any data outside of the file itself, and cannot be detected from generated thumbnails…. aargh, this’ll be hard to solve.
About
I’m David Illsley, I work in Web Services development at IBM Hursley, which involves work on the Apache WS Project, where I am a committer and PMC member. When not working with technology, I spend a lot of time on the backstage aspects of theatre, and a sadly decreasing amount of time reading.
Archives
c
Disclaimer
The postings on this site solely reflect the personal views of the author and do not necessarily represent the views, positions, strategies or opinions of IBM or IBM management.
Twitter Updates
- @katshann methinks someone's playing referrer games... (not me)... I'm barely in the top 30 search terms for my blog in the last 30 days 2 hours ago
- @goodgravy Good luck! Sounds hopeful... 14 hours ago
- Struggling to 'Open Link in New Tab' in recent Firefox nightlies. Muscle memory is just too strong 3 days ago
- Dice games... what's the worst that can happen... #fb 5 days ago
- Apparently one of my colleagues is 'prepared for DELETION'. That's a little more Logan's Run than I think he's expecting. 6 days ago
0 Responses to “Data files and security”