The Digital Rag
Real World Information in a Virtual World
Welcome to The Digital Rag
Tuesday, February 07 2012 @ 01:23 PM PST

We all think PDFs are safe - think again

Computers in Use

I send my invoices out as PDF files - many companies do similarly with documents they want to ensure are not easily changed by the recipient - but that look like a printed document on screen, and can be printed by a variety of different printers with good fidelity to the original. In many respects, the commercial world of the 21st century runs on PDFs.

Heck, I downloaded a couple of help documents last night that were PDF files - and I have not only the Linux tools to read them, I also have (through Crossover) a real Adobe Reader version running on my Linux system if I want to use it. And of course I do have a Windows box that I use when all else fails. Until now, I haven't thought twice about opening a PDF file - but that has now changed.

Now we have a problem!

Back in January of this year a researcher (benevolent hacker) found what is called a "cross-site-scripting" (XSS) flaw in Adobe Reader 7.0 and earlier versions.

Shortly afterward, in what we can all only hope was a coincidence, the Storm Worm started sending out their image spam using PDFs.

Since then, the scope of the Adobe Reader flaw has been shown to be far more dangerous - with the recent note that an attacker could gain access to anything on a Windows system C: drive - executables, documents, anything - and send them to others on the net - and all you did was click on the PDF link. In fact, if you open a web page that references a PDF file directly, you can be compromised - just stumble upon a compromised site - that's all!

Adobe is aware of the flaw and hopefully will be bringing out a fix soon.

The latest note says that the flaw has been demonstrated in Adobe Reader version 8.1 and that previous versions are also affected, and that "other PDF viewers might be vulnerable too."

I'm watching this closely as I know it affects all of my customers along with most of the rest of the computer world - PDFs are by far the most ubiquitous method of sending rich-format print-like content around the networked world.

More Reading:
Dark Reading today and older warning
Slashdot - zero-day exploit
