EXIF security problem
"Simply great X-D", anonymous user
"Excellent page! Now I can watch porn and tell 'I am doing security research'" - Security Chief of big undisclosable company
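"Tonu Samuel, a young man from Estonia, built a small search system specifically to search for images on the web, and then publishes the original image together with the modified one. Running into such mischievous, energetic and creative people can sometimes be quite a headache." ("Encounter like mischievous, energetic and creative people sometimes quite a headache." as translated by Google)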
Digital cameras store a small image called a "thumbnail" inside the main image file. Usually this thumbnail gets lost in later image processing, but sometimes the thumbnail contains sensitive information that was cropped off from the main image.
An automated script downloads JPEG files from the web, analyses them for differences between the thumbnail and the image, and puts possible candidates in a MySQL database. The results are visible on this page.
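A pre-publication check for the leftover thumbnail described above, as an added example (not the page's crawler or its mnogosearch patch): it walks the JPEG segments, follows the Exif IFD0 to IFD1 link to the thumbnail bytes, and shows that removing the Exif APP1 segment removes the thumbnail. All function names are hypothetical and the sample file is constructed inline.

```python
import struct

def exif_segments(jpeg):
    """Yield (start, end, tiff) for every APP1 Exif segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0":
            yield pos, end, jpeg[pos + 10:end]
        pos = end

def read_ifd(tiff, bo, off):
    """Return ({tag: inline value}, next_ifd_offset) for the IFD at `off`."""
    (count,) = struct.unpack_from(bo + "H", tiff, off)
    body = tiff[off + 2:off + 2 + 12 * count]  # 12-byte entries: tag, type, count, value
    tags = {tag: val for tag, _typ, _n, val in struct.iter_unpack(bo + "HHII", body)}
    (nxt,) = struct.unpack_from(bo + "I", tiff, off + 2 + 12 * count)
    return tags, nxt

def embedded_thumbnail(jpeg):
    """Return the thumbnail bytes that IFD1 points to, or None if there is none."""
    for _, _, tiff in exif_segments(jpeg):
        bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # TIFF byte-order mark
        try:
            _, ifd1 = read_ifd(tiff, bo, struct.unpack_from(bo + "I", tiff, 4)[0])
            tags, _ = read_ifd(tiff, bo, ifd1) if ifd1 else ({}, 0)
        except (struct.error, TypeError):  # truncated or non-TIFF payload
            continue
        off, size = tags.get(0x0201), tags.get(0x0202)  # JPEGInterchangeFormat, ...Length
        if off and size and off + size <= len(tiff):
            return tiff[off:off + size]
    return None

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment (and its thumbnail) removed."""
    out, last = b"", 0
    for start, end, _ in exif_segments(jpeg):
        out, last = out + jpeg[last:start], end
    return out + jpeg[last:]

def make_sample():
    """Constructed input: a JPEG shell whose Exif IFD1 references a stand-in thumbnail."""
    thumb = b"\xff\xd8UNCROPPED-THUMBNAIL\xff\xd9"
    ifd1 = struct.pack("<HHHIIHHIII", 2, 0x0201, 4, 1, 44, 0x0202, 4, 1, len(thumb), 0)
    app1 = b"Exif\0\0II*\0" + struct.pack("<IHI", 8, 0, 14) + ifd1 + thumb
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\0\x02\xff\xd9"
```

Deciding whether an extracted thumbnail actually differs from the main image needs an image decoder and is outside this sketch; for publishing, stripping the segment makes that comparison unnecessary.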
The idea itself came from outside. There was one famous case with Cath Schwartz and some blog entries, but no real code or original images with thumbnails. So I decided to investigate the problem myself.
Currently I have found hidden information on the web pages of the FBI, CIA, Skype, different police pages and of course all kinds of hot-or-not type sites full of amateur photos.
A forum is available here. Write there about new ideas, found pictures, technical questions and so on.
Latest unvoted findings (4053 total, 10 shown)
Many images are hidden because people voted them off. Only the ones with low votes or positive votes are shown.
Number of listed images: 2194
The source code of the current page is available here, and the crawler is mnogosearch 3.2.37 patched to parse EXIF information. The patch is here. It is known to work with version 3.2.29 without problems too.
There is a list of referers to this page.
You might also look at my homepage http://no.spam.ee/~tonu/ where there is absolutely nothing interesting ;P
Translation help needed! If you can write some introductory text about this problem in your language, I want to post it here on this page. Especially needed languages are Chinese and Japanese, but any language is welcome. Send mail to me at tonu@jes.ee
