Katilian said:
Just off the top of my head, from the last 5 or so years there have been exploits for various systems/programs found using JPG, GIF, BMP, WMF, EMF, TIFF and PNG, and for non image formats, MP3, AVI and MOV. You'd have a pretty lousy media system if you removed all those formats. Exploits are generally not inhertent to a format (in the case of WMF/EMF it was) , but are part of poorly written code, usually not doing boundary checking. |
Well, a large portion of the problem has less to do with "lazy" programming as it has to do with lack of understanding how a lot of these exploits work. Most hacks and exploits could (easily) be eliminated if Universities taught their students how to hack a system (as the University of Calgary did a couple of years ago) but, unfortunately, if they try there will be massive negative press and most people will not understand why it is necessary.