DaemonForums  

#1
31st December 2010
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
Thanked 182 Times in 149 Posts
27C3: danger lurks in PDF documents

From http://www.h-online.com/security/new...s-1162166.html

Quote:
At the 27th Chaos Communication Congress (27C3) in Berlin, security researcher Julia Wolf of US company FireEye pointed out numerous, previously hardly known, security problems in connection with Adobe's PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer.

Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers – or even depending on a computer's language settings.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
1st January 2011
backrow
Real Name: Anthony J. Bentley
Shell Scout
 
Join Date: Jul 2009
Location: Albuquerque, NM
Posts: 116
Thanked 10 Times in 4 Posts

Quote:
For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers…
I knew this already, as I’ve come across PDFs that display nothing but “you must download Adobe Reader to view this document.” :\

PDF is not actually a bad format, but Adobe keeps adding more and more crap to justify every new release of their software. Scripting, embedding, and all that garbage are what open the security holes. Maybe it’s time to start rejecting documents that don’t follow the sane PDF/A subset.
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.
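The rejection policy suggested in post #2, sketched as an added example that is not part of the thread or of anyone's post: a pre-filter that refuses PDFs whose raw bytes contain name objects for scripting, auto-run actions or embedded files. The name list, function names and sample documents are assumptions made for illustration; this is a heuristic gate, not a PDF/A validator.

```python
import re

# Assumed policy (not from the thread): PDF name objects that signal
# scripting, auto-run actions or embedded payloads.
ACTIVE_NAMES = {
    "JS": "scripting", "JavaScript": "scripting",
    "OpenAction": "auto-run action", "AA": "auto-run action",
    "Launch": "launches external program",
    "EmbeddedFile": "embedded file", "RichMedia": "embedded media",
    "ObjStm": "compressed objects (contents not inspected)",
}

# A name is "/" followed by regular characters; it ends at whitespace
# or a delimiter. Scanning raw bytes can over-match inside strings and
# streams, which is acceptable for a reject-by-default gate.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is seen as /JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for every policy name found in the raw bytes."""
    hits = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in ACTIVE_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits

def verdict(data: bytes) -> str:
    """Accept only files that look like PDFs and carry no policy names."""
    if not data.lstrip().startswith(b"%PDF-"):
        return "reject: not a PDF"
    hits = scan_pdf(data)
    if hits:
        reasons = sorted(f"/{n} ({ACTIVE_NAMES[n]})" for n in hits)
        return "reject: " + ", ".join(reasons)
    return "accept"

# Constructed sample documents (fragments, not complete valid PDFs).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n")

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("scripted", SCRIPTED)):
        print(label, "->", verdict(doc))
```

Files that use object streams are rejected as well, because names inside compressed objects are invisible to a byte-level scan.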
#3
1st January 2011
TerryP
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts

Hmm, another reason to use PostScript me thinks?
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
#4
1st January 2011
IdOp
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 534
Thanked 14 Times in 13 Posts

All this, from the people who brought us Flash ... surprise, surprise!!
#5
1st January 2011
drhowarddrfine
VPN Cryptographer
 
Join Date: May 2008
Posts: 358
Thanked 9 Times in 8 Posts

Quote:
Originally Posted by TerryP
Hmm, another reason to use PostScript me thinks?
Wethinks so, too.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick