The Insecurity of Photo Cropping – Schneier on Security

1 year ago AndyC

The
Insecurity
of
Photo
Cropping

The

Intercept
has
a

long
article
on
the
insecurity
of
photo
cropping:

One
of
the
hazards
lies
in
the
fact
that,
for
some
of
the
programs,
downstream
crop
reversals
are
possible
for
viewers
or
readers
of
the
document,

The
Insecurity
of
Photo
Cropping

The

Intercept
has
a

long
article
on
the
insecurity
of
photo
cropping:

One
of
the
hazards
lies
in
the
fact
that,
for
some
of
the
programs,
downstream
crop
reversals
are
possible
for
viewers
or
readers
of
the
document,
not
just
the
file’s
creators
or
editors.
Official
instruction
manuals,
help
pages,
and
promotional
materials
may
mention
that
cropping
is
reversible,
but
this
documentation
at
times
fails
to
note
that
these
operations
are
reversible
by
any
viewers
of
a
given
image
or
document.

[…]

Uncropped
versions
of
images
can
be
preserved
not
just
in
Office
apps,
but
also
in
a
file’s
own
metadata.
A
photograph
taken
with
a
modern
digital
camera
contains
all
types
of
metadata.
Many
image
files
record
text-based
metadata
such
as
the
camera
make
and
model
or
the
GPS
coordinates
at
which
the
image
was
captured.
Some
photos
also
include
binary
data
such
as
a
thumbnail
version
of
the
original
photo
that
may
persist
in
the
file’s
metadata
even
after
the
photo
has
been
edited
in
an
image
editor.


Tags:
,
,
,

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

More Stories

Adobe fixed multiple critical flaws in Acrobat and Reader

Adobe fixed multiple critical flaws in Acrobat and Reader

1 hour ago AndyC
Ransomware attack on Singing River Health System impacted 895,000 people

Ransomware attack on Singing River Health System impacted 895,000 people

7 hours ago AndyC
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

13 hours ago AndyC
Patch Tuesday, May 2024 Edition – Krebs on Security

Patch Tuesday, May 2024 Edition – Krebs on Security

13 hours ago AndyC

Ezlo A Review of Their Smart Home Solutions (2024)

19 hours ago AndyC
VMware fixed zero-day flaws demonstrated at Pwn2Own2024

VMware fixed zero-day flaws demonstrated at Pwn2Own2024

19 hours ago AndyC

You may have missed

Black Hat Asia 2024 NOC: Cisco Security Cloud

1 hour ago AndyC

How To Spot A Fake Facebook Account

1 hour ago AndyC
Adobe fixed multiple critical flaws in Acrobat and Reader

Adobe fixed multiple critical flaws in Acrobat and Reader

1 hour ago AndyC
4 ways AI will change the ITOps landscape in 2024

4 ways AI will change the ITOps landscape in 2024

1 hour ago AndyC
3 ways to break out of AI ‘pilot purgatory’

3 ways to break out of AI ‘pilot purgatory’

1 hour ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.