Next week, there will be a Black Hat computer security conference in Las Vegas. Researchers will talk about and demonstrate all sorts of evil, unethical or borderline software and techniques.

One such new program is a GIFAR, or hybrid file. It is a combination of a GIF (Graphics Interchange Format) image and a JAR (Java Archive).

When you open such a file, it will allow the attacker to run code in your browser, and therefore steal your login credentials from any account you log in to. The attack would work on any site that allows you to upload files.
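
A check a site's upload handler could run against this kind of hybrid file, as an added example that is not part of the original post: it rejects a file that starts with a GIF header but also carries a ZIP/JAR end-of-central-directory record. The function names and the sample bytes are constructed for illustration.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_LEN = 22              # size of the fixed part of the EOCD record
MAX_COMMENT = 0xFFFF       # the trailing archive comment is at most 65535 bytes


def find_zip_eocd(data: bytes):
    """Return the offset of a plausible EOCD record in data, or None.

    ZIP/JAR readers locate the archive from the END of the file, which is
    why an archive appended to an image still opens as an archive.
    """
    start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            fields = struct.unpack_from("<4sHHHHIIH", data, pos)
            cd_size, comment_len = fields[5], fields[7]
            # Sanity checks cut false positives from image bytes that
            # merely happen to contain the four signature bytes.
            if pos + EOCD_LEN + comment_len <= len(data) and cd_size <= pos:
                return pos
        pos = data.rfind(EOCD_SIG, start, pos + 3)  # keep scanning backwards
    return None


def inspect_upload(data: bytes) -> str:
    """Decide whether an upload claimed to be a GIF should be stored."""
    if data[:6] not in GIF_MAGICS:
        return "reject: not a GIF"
    if find_zip_eocd(data) is not None:
        return "reject: GIF header with an embedded ZIP/JAR archive"
    return "accept: plain GIF"


# Constructed sample data: a GIF header, screen descriptor and trailer only,
# and an empty ZIP archive (a bare EOCD record with no entries).
SAMPLE_GIF = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0) + b"\x3b"
EMPTY_ZIP = EOCD_SIG + b"\x00" * 18

if __name__ == "__main__":
    print(inspect_upload(SAMPLE_GIF))
    print(inspect_upload(SAMPLE_GIF + EMPTY_ZIP))
```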

Java is a programming language made by Sun Microsystems. Sun is expected to issue a patch for Java shortly after the conference, to prevent this attack. In fact, it would be a good idea to check if you have the latest version now.

Go to http://java.com and click on “Do I have Java?” Follow the instructions.

The researchers claim that there may be many ways to mount this attack, and other types of attacks are possible. They say browser security needs to be much improved.

They may well be right, but here’s my question: Why do legitimate researchers spend their time thinking up attacks like this? Don’t they have anything better to do? Like thinking up new applications and improvements??
