HN2new | past | comments | ask | show | jobs | submitlogin

I wonder how many file formats are subject to injection attacks? You could embed the entire universe in PDF, for example, and it would not change the file’s visual appearance at all.


Too many to count, basically anything, even text.

You can hide command and control instructions in text-only instagram posts.

https://boingboing.net/2017/06/07/watering-holes.html


Back when I still used Acrobat for PDFs it was shocking the amount of plugins it loaded and the performance penalty that they came with.


> The entire universe

Might affect the file size a little bit though...


And watch out with compression, or it may collapse into a black hole.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: