It's astonishing that it's as simple as CATting a zip file to the end of a jpg. ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		AnabeeKnox on Oct 31, 2018 \| parent \| context \| favorite \| on: JPEG image of Shakespeare which is also a zip file... It's astonishing that it's as simple as CATting a zip file to the end of a jpg. I feel there are consequences here for any website that accepts image uploads.

MaxBarraclough on Oct 31, 2018 [–]

> I feel there are consequences here for any website that accepts image uploads

Steganography can be done even without file-format hacks; all that's special about this hack is its simplicity.

It could easily be defeated -- I'm sure Twitter would have no trouble sanitizing uploaded image files if they wanted to.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact