1. Worth proof-reading LLM copy. For instance:
- This says none of these attacks survive traditional sanitization.
You probably mean the opposite.
- You claim rebuilding from raw pixels, while calling steganography a threat.
Of course, steganography is in the raw pixel values you say you keep. And it's neither the same kind of threat (it is not a hostile input), nor does “CDR” do anything about it.
. . .
2. If you want this to take off, move a click up the value chain. Enterprises that care don't want your API because they won't hire anyone who can do anything with it.
Instead, and you can have this for free:
a) Implement a plugin for Outlook that sanitizes email image embeds, and extensions for browsers. It should run locally. Ship that for free.
b) At enterprise licensing pricing, implement a proxy server plugin that works with the top enterprise proxies to sanitize images while passing them through, caching them for subsequent requests, etc., all the things that make this a single drop-in control for the entire proxied enterprise footprint.
c) Get a patent for $10k - $15k, costs more to be hard to work around.
d) Write your contract so hostile image data belongs to you, license that attack data to the big infosec detection firms, likely also putting you in play for acquisition.
. . .
3. This site and this post don't read like Show HN. It reads like one cool trick SEO sales copy. The same-day-old account doesn't help.
Reconsider if authenticity matters.
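To illustrate the steganography point made above (a rebuild that copies raw pixel values carries any LSB-embedded payload across unchanged, while a re-quantising step would not), here is an added Python sketch; it is not code from the post, the product or its author, and the image model, payload and scrub step are all constructed assumptions:

```python
# Added example, not from the post or the product discussed. An "image" is
# modelled as a dict with 'meta' (container metadata/chunks) and 'pixels'
# (flat list of 8-bit grey values); every value below is constructed.

def embed_lsb(pixels, payload):
    """Write payload bytes, MSB first, into the LSB of consecutive pixels."""
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read nbytes back from the LSB plane (what a recipient decoder does)."""
    data = bytearray()
    for i in range(nbytes):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (pixels[i * 8 + j] & 1)
        data.append(byte)
    return bytes(data)

def cdr_rebuild(image):
    """Naive pixel-level CDR: drop all container structure, keep pixels verbatim."""
    return {"meta": {}, "pixels": list(image["pixels"])}

def scrub_lsb(image):
    """Mitigation (assumed, not the product's): zero the LSB plane, i.e.
    re-quantise to 7 bits; visually negligible, but it wipes LSB-carried data."""
    return {"meta": {}, "pixels": [p & 0xFE for p in image["pixels"]]}

def demo():
    payload = b"hidden"                          # constructed hidden message
    cover = [(i * 37) % 256 for i in range(64)]  # constructed 8x8 grey cover
    image = {"meta": {"exif": "<constructed>"},
             "pixels": embed_lsb(cover, payload)}
    rebuilt = cdr_rebuild(image)
    scrubbed = scrub_lsb(image)
    return {
        "meta_dropped": rebuilt["meta"] == {},
        "after_rebuild": extract_lsb(rebuilt["pixels"], len(payload)),
        "after_scrub": extract_lsb(scrubbed["pixels"], len(payload)),
    }

if __name__ == "__main__":
    print(demo())
```

The rebuild strips the metadata but returns the payload intact; only the re-quantising step destroys it, which is the difference between "rebuilt from pixels" and "pixels changed".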
Interesting ideas. The bridge from what he built to what you suggest is far. The free Outlook plugin sounds like a good onboarding vector, but who downloads Outlook plugins? Not the type of person in a medium/large company who is using 360 and/or has IT manage software like Outlook.
You are on step 49. Being able to sell hostile image data requires volume. The free plugin is local, so is the plan to sell corporate data?
Investing in a software patent without the ability to enforce is a waste of money.
I think he might be better off making this into a WordPress plugin before going to Outlook.
How did a JPEG end up compromising a user's entire backend?