Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 9838 Location: Arizona USA
Posted: Sat 10 Apr 2010, 22:45 Post subject: The real dangers of PDF executable trickery
I can't tell from this article if the exploit only works on Adobe PDF readers for Windows.
Quote: The beauty of Didier’s proof of concept is that he discovered a method to execute an embedded executable within a PDF file without utilizing any JavaScript and without having to exploit any vulnerabilities.
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
Posted: Sun 11 Apr 2010, 00:06 Post subject:
It theoretically works in Linux. It depends on the PDF viewer. From what I understand, most Linux PDF viewers don't support the particular feature that was used. But there is no reason why they couldn't.
Of course, a PDF that was designed to attack a Windows machine would generally be harmless on a Linux machine, and vice versa.
What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.
Thanks for posting this, by the way. In my network security class we have to do a number of lab additions where we add a section to the lab assignments. (It's "optional", but required for an A). We've been having bad luck making things work on the lab machines lately. I have a good feeling about this one though. (And we only need this last addition.)
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
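The viewer feature Pizzasgood describes is the PDF /Launch action: an action dictionary whose /S key is /Launch, with a /Win sub-dictionary naming a program (/F) and its parameters (/P). It needs no JavaScript and no bug; the viewer simply has to honour it. A practical check is therefore to scan a PDF for that name and its neighbours before opening it, the way Didier Stevens' own pdfid tool does. The scanner below is an added example written for this thread, not code from the thread or from pdfid. It counts the risky names, de-obfuscates the #xx hex escapes PDF allows inside names (so /La#75nch is still recognised as /Launch), and pulls the command line out of a /Launch action. The three PDFs at the bottom are constructed for the example; real samples would usually hide these names inside compressed streams, which this plain-text scan does not decompress.

```python
"""Keyword triage for PDF files, illustrating the /Launch action discussed
above.  Added example, not the forum poster's or Didier Stevens' code.
The sample PDFs at the bottom are constructed for this example."""
import re
from collections import Counter

# Names that make a PDF more than a static document.  /Launch is the one
# the thread is about; the others are the usual companions worth counting.
KEYWORDS = ("/Launch", "/JavaScript", "/JS", "/OpenAction", "/AA",
            "/EmbeddedFile", "/RichMedia")

# A PDF name token: '/' followed by regular characters (delimiters and
# whitespace end it).  Matching whole tokens avoids counting /JSomething as /JS.
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]*")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A literal string "( ... )" with backslash escapes; nesting is not handled.
_LITERAL_RE = re.compile(rb"\s*\(((?:\\.|[^\\)])*)\)")


def normalize_name(raw: bytes) -> str:
    """Resolve #xx escapes so an obfuscated name compares equal to the plain one."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_keywords(data: bytes) -> dict:
    """Count occurrences of each KEYWORDS name in the raw PDF bytes."""
    counts = Counter()
    for m in _NAME_RE.finditer(data):
        name = normalize_name(m.group(0))
        if name in KEYWORDS:
            counts[name] += 1
    return dict(counts)


def launch_targets(data: bytes) -> list:
    """For every /Launch action, return the /F (program), /P (parameters)
    and /D (directory) strings found in the rest of that object."""
    found = []
    for m in _NAME_RE.finditer(data):
        if normalize_name(m.group(0)) != "/Launch":
            continue
        chunk = data[m.end():].split(b"endobj", 1)[0]   # stay inside this object
        spec = {}
        for n in _NAME_RE.finditer(chunk):
            key = normalize_name(n.group(0))
            if key in ("/F", "/P", "/D"):
                s = _LITERAL_RE.match(chunk, n.end())
                if s:
                    spec[key] = s.group(1).decode("latin-1")
        found.append(spec)
    return found


def triage(data: bytes) -> list:
    """Return human-readable reasons to distrust the file (empty list if none)."""
    counts = count_keywords(data)
    reasons = []
    if counts.get("/Launch"):
        for spec in launch_targets(data) or [{}]:
            reasons.append("Launch action runs %s %s" % (spec.get("/F", "?"), spec.get("/P", "")))
    if counts.get("/JavaScript") or counts.get("/JS"):
        reasons.append("contains JavaScript")
    if counts.get("/OpenAction") or counts.get("/AA"):
        reasons.append("has an action that fires automatically on open or on an event")
    if counts.get("/EmbeddedFile"):
        reasons.append("carries embedded file(s)")
    return reasons


# --- constructed samples (not real malware) ---------------------------------
# Open action -> Launch action that asks the viewer to run cmd.exe.
LAUNCH_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) /P (/c start calc.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# Same file with the two interesting names hex-escaped, as a naive grep misses.
OBFUSCATED_PDF = LAUNCH_PDF.replace(b"/Launch", b"/La#75nch").replace(b"/OpenAction", b"/Open#41ction")
# A plain one-page document with no actions at all.
BENIGN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("launch", LAUNCH_PDF), ("obfuscated", OBFUSCATED_PDF), ("benign", BENIGN_PDF)):
        print(label, count_keywords(pdf), triage(pdf))
```

The point of normalising names before comparing is that /Launch, /La#75nch and /#4caunch are the same name to a conforming viewer, so a scanner that only greps for the literal text gives a false sense of safety. The other blind spot is compression: names inside a /FlateDecode stream or an object stream are invisible to this scan, so a thorough check inflates those first, which is why a count of zero is evidence, not proof.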

DMcCunney
Joined: 02 Feb 2009 Posts: 894
Posted: Sun 11 Apr 2010, 12:39 Post subject:
Pizzasgood wrote:
What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.
Don't think of a PDF as a document. Think of it as a container. It's generally used for documents, but can be more broadly applied.
Adobe embeds a variant of JavaScript called ActionScript in PDF viewers, and it's possible to have interactivity rather than a static document. There are PDFs that can serve as "fill in the blanks" forms, where the user can open the PDF and use drop down selection boxes and text entry to fill out an electronic form which can then be submitted back to the originator.
As "rich media" becomes more pervasive, we'll see more of this. I'm waiting for the first ePub exploit.
I'm not as worried about this one as others might be, as it still requires action on the user's part to run the malicious code. (Yes, I know. There are lots of gullible users out there...) I can't do anything about other people's stupidity. I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources".
______
Dennis
8-bit

Joined: 03 Apr 2007 Posts: 3012 Location: Oregon
Posted: Sun 11 Apr 2010, 13:04 Post subject:
Pizzasgood wrote:
It theoretically works in Linux. It depends on the PDF viewer. From what I understand, most Linux PDF viewers don't support the particular feature that was used. But there is no reason why they couldn't.
Of course, a PDF that was designed to attack a Windows machine would generally be harmless on a Linux machine, and vice versa.
What I don't understand is why PDF even has that feature. It's retarded. Documents don't need to be able to execute commands.
Thanks for posting this, by the way. In my network security class we have to do a number of lab additions where we add a section to the lab assignments. (It's "optional", but required for an A). We've been having bad luck making things work on the lab machines lately. I have a good feeling about this one though. (And we only need this last addition.)

Well, I got a PDF file in Windows from a government agency that was a "fill in the blanks" type.
It would come up with Adobe Reader in IE8 and you would fill it out and then print it. You could not save the completed form.
But there are uses for PDF files with executables.
Pizzasgood

Joined: 04 May 2005 Posts: 6270 Location: Knoxville, TN, USA
Posted: Sun 11 Apr 2010, 18:57 Post subject:
My point is that most documents don't need to be active, so they could use a static format. An active format with a different extension could be used by only the "documents" that actually need it. That way people would be naturally more paranoid, because before they even click on the file, they would see the icon (and maybe extension) and say, "Wait, that's one of them funny ones. Why does it need to be funny? What's it up to? Do I trust them?"
There should not be a requirement to trust the average document. It is just a document. The only threats it should pose are buffer overflows and boredom. Maybe epileptic seizures.
_________________ Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 9838 Location: Arizona USA
Posted: Sun 11 Apr 2010, 20:15 Post subject:
DMcCunney wrote: ... I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources"...

If I understood the article correctly, one thing this "feature" could do is infect every PDF file visible to a computer, without the user's knowledge. If so, then an embedded executable could spread itself quickly throughout a "trusted" PDF repository from just one bad PDF file.
DMcCunney
Joined: 02 Feb 2009 Posts: 894
Posted: Mon 12 Apr 2010, 19:15 Post subject:
Flash wrote:
DMcCunney wrote: ... I can be careful about what I download and open, and PDFs are on the list of "Only from trusted sources"...
If I understood the article correctly, one thing this "feature" could do is infect every PDF file visible to a computer, without the user's knowledge. If so, then an embedded executable could spread itself quickly throughout a "trusted" PDF repository from just one bad PDF file.

Unlikely. Remember, this isn't a "drive-by install", like you can get running Internet Explorer in Windows and picking up a malicious ActiveX control. The user must open the PDF and agree to the execution of the code. (Though they won't know precisely what they're agreeing to.)
"Trusted repositories" will be Internet facing servers, and probably running Linux. How is this execution supposed to occur?
I treat reports like this in the same way every time I see one, and say "Okay. This is an exploit. How likely is it to actually occur?" Most of them fall into the "Not likely enough for me to lose sleep over it" category until I see something that raises the threat level. I'm not especially worried about this one.
______
Dennis