moin moin, during Aaron's presentation last night we discussed how a static video or image file could be used to infect a computer. Here's a group that used a DNA sequence to exploit a buffer overflow in an application that searches DNA sequences. In this case they cheated, by adding the vulnerability, but it demonstrates what we were discussing at the meeting last night. ---- “The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length,” explained co-author Karl Koscher in response to my requests for more technical information. That makes it ripe for a basic buffer overflow attack in which programs execute arbitrary code because it falls outside expected parameters. (They cheated a little by introducing a particular vulnerability into the software themselves, but they also point out that similar ones are present elsewhere, just not as conveniently for purposes of demonstration.) ---- https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/# ciao, der.hans -- # https://www.LuftHans.com https://www.PhxLinux.org # You can't handle the source! - der.hans