SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln

Aug 26, 2025
Uncover the secrets of Microsoft Word as experts reveal how it tracks document interactions. Delve into the risks posed by AI image downscaling, where seemingly innocent photos can unleash harmful text. The discussion doesn't stop there; learn about a critical vulnerability in the IBM Jazz Team Server that poses serious security threats. Discover advancements in understanding document security and how to safeguard against these emerging cyber risks!
INSIGHT

Word Stores Last-Read Position In Registry

  • Microsoft Word stores the last-read position for a document in the Windows registry as an encoded value.
  • Decoding that value links a registry entry to a specific location inside the document, useful for forensic timelines.
INSIGHT

Downscaling Can Create Hidden Prompt Injection

  • Image downscaling can unintentionally produce text artifacts that ML models can read but that are invisible to humans.
  • That enables prompt injection via images, because models can't reliably separate data from executable prompts.
ADVICE

Don't Downscale Images Server-Side For AI

  • Avoid downscaling images server-side before AI processing because scaling can reveal hidden text to models but not humans.
  • Instead, restrict uploaded image resolution so users must downscale locally and can inspect content first.