Reply to post: Uploading plain text is bad, mhkay?

Softbank's 'Pepper' robot is a security joke


Uploading plain text is bad, mhkay?

As a matter of fact, we were able to upload images, text files which extensions have been modified to images, and even plain text files without performing extension editing

The significance of this escapes me.

Yes, it accepts bad input, but what happens next? A badly written parser can be susceptible to buffer overflow attacks and similar, but a file's extension is irrelevant. So, what are the researchers trying to tell us here?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019