Security researchers presenting information at next week’s Black Hat convention are expected to demonstrate a particularly nasty method for stealing online credentials from users on any number of websites that allow users to upload their own pictures. The exploit will work by displaying what looks like a .gif picture, but contains a Java applet that can be triggered to run after the fact in the victim’s browser. They call the file a GIFAR. The bad guys would create a profile on one of these popular Web sites