Discussion

Sorry, you cannot view this.

@SpaceLifeForm@infosec.exchange replied · 2 months ago

Who knew that tracking pixels could be 64KB in size?

You would not notice just by looking at them.

"To my surprise, the size limit of the Exif header was much larger than expected. An entire 64-KB worth of metadata can be stored in the image. But better yet, a single Exif field can use up the entire 64-KB of space."

#Exif

Jernej Simončič �

@jernej__s@infosec.exchange replied · 2 months ago

@malwaretech Instead of using EXIF in JPEG, how about using tEXt chunk in a PNG? It can be much larger (up to 2 GB IIRC), and a conveniently-placed nul byte will similarly hide the content from normal viewers.

kas (she/her)

@1casie@mas.to replied · 2 months ago

@malwaretech thank you, malwaretech from infosec dot exchange

Reed Mideke

@reedmideke@mastodon.social replied · 2 months ago

@malwaretech @jernej__s RIFF used by webp also looks like it should be easy to stuff in large chunks that will be ignored by standard conforming viewers/browsers https://developers.google.com/speed/webp/docs/riff_container

Google for Developers

WebP Container Specification | Google for Developers

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.41 no JS en

Automatic federation enabled