Embedded PDF exe hack goes live in Zeus malware attack
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11079
Location: Arizona USA

Posted: Tue 20 Apr 2010, 00:38    Post subject: Embedded PDF exe hack goes live in Zeus malware attack

http://blogs.zdnet.com/security/?p=6196&tag=nl.e550
Quote:
Adobe is considering a patch to change the behavior of the software. In the meantime, the company is suggesting that users configure its PDF Reader product to limit the damage from an attack.

Here are the instructions for mitigating a potential attack:

    * Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”

Which means it's on by default. :(
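Added example, not part of the original post or the quoted Adobe guidance: where the Reader preference above cannot be enforced on every machine, a mail or download gateway can triage PDFs for embedded-file and launch/script markers. The name lists come from the PDF specification and the quarantine policy is an assumption; the sample bytes are constructed.

```python
import re

# Name tokens defined by the PDF specification (assumed triage list, not from the thread).
ATTACHMENT = ("/EmbeddedFile", "/Filespec")
TRIGGER = ("/Launch", "/JavaScript", "/JS")

# A PDF name is "/" followed by any bytes that are not whitespace or delimiters.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so an obfuscated /L#61unch is seen as /Launch."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_names(data: bytes) -> dict:
    """Count the triage names in the raw bytes of a PDF.
    Names hidden inside compressed streams are not visible to this pass."""
    counts = {name: 0 for name in ATTACHMENT + TRIGGER}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def verdict(counts: dict) -> str:
    """Assumed policy: attachment plus trigger is quarantined, either alone is reviewed."""
    attached = any(counts[n] for n in ATTACHMENT)
    triggered = any(counts[n] for n in TRIGGER)
    if attached and triggered:
        return "quarantine"
    return "review" if attached or triggered else "pass"

# Constructed fragments (not real documents, no payload).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SUSPECT = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n"
    b"5 0 obj\n<< /S /L#61unch >>\nendobj\n"
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, verdict(count_names(blob)))
```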
Makoto


Joined: 03 Sep 2009
Posts: 1797
Location: Out wandering... maybe.

Posted: Wed 21 Apr 2010, 05:38

I'll admit I haven't been paying close attention to the PDF format for a while... but since when could you embed things in a PDF that would require an external viewer? Isn't PDF supposed to be more or less self-contained?

Or was it just being nice and allowing users to specify their own viewers for some of the embedded files? Either way, you'd think that would practically invite an exploit of some sort... :(

_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Wed 21 Apr 2010, 06:45

PDF includes a specialised programming language
. . . just as MS Office have powerful script option (programming)
I think OpenOffice has no or little macros support - is that right?

Firefox and Seamonkey contain XUL programming capacity
. . . and the list goes on . . . Perl, javascript, Actionscript (Flash language)

. . . and that is on top of the existing mainstream languages
http://puppylinux.org/wikka/ProgrammingLanguages

_________________
Puppy WIKI
Makoto


Joined: 03 Sep 2009
Posts: 1797
Location: Out wandering... maybe.

Posted: Thu 22 Apr 2010, 17:25

Yeah, but I was wondering when Adobe thought it'd be a good idea to allow anyone to embed practically anything in a PDF (if that's the case), and allow even the remote possibility of opening another app to handle that content. That's potentially an avenue for risk, right there.

Hrm. I don't want to have to worry if my PDF reader for Linux, my handhelds, whatever, will be able to handle embedded videos in a PDF. :P

_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * My Pidgin Builds for Puppy 4.3.1+
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
dru5k1


Joined: 11 Apr 2010
Posts: 72

Posted: Thu 22 Apr 2010, 18:24

haha, "We've shipped this with an open invitation to hackers... "IF" you check back at our website, then you'll be one of the lucky ones that "CAN" close this hole"

thanx for the good read Flash
DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Thu 22 Apr 2010, 19:49

Lobster wrote:
PDF includes a specialised programming language

Adobe embeds ActionScript, which is a variant of JavaScript, based on the ECMAScript specification (and Adobe and Mozilla are collaborating on future revisions to JavaScript and the ECMA standard.)

Quote:
. . . just as MS Office have powerful script option (programming)

Microsoft includes a subset of Visual Basic called Visual Basic for Applications in the Office product line.

Quote:
I think OpenOffice has no or little macros support - is that right?

It's wrong. Open Office includes a macro capability and a version of Basic. It's required for compatibility with MS Office files. There's an OO macro repository here: http://www.ooomacros.org/

Quote:
Firefox and Seamonkey contain XUL programming capacity

XUL is an XML language for writing User Interfaces. You can use it with widgets to define what your application looks like. To go beyond that and actually do things you have to write in JavaScript.

Quote:
. . . and the list goes on . . . Perl, javascript, Actionscript (Flash language)

. . . and that is on top of the existing mainstream languages
http://puppylinux.org/wikka/ProgrammingLanguages

And I think that entry is out of date. Isn't Perl a standard port of current Puppy distros? (If it isn't, it ought to be. It's in every other Linux distro I'm aware of.)
______
Dennis
Sit Heel Speak


Joined: 30 Mar 2006
Posts: 2595
Location: downwind

Posted: Fri 23 Apr 2010, 17:14

DMcCunney wrote:
Isn't Perl a standard port of current Puppy distros?
Perl has been in Puppy for years, maybe even from the beginning, look in /usr/bin and /usr/lib. 5.8.8 in older, 5.10.0 in the newest Puppies. 5.10.0 is required for building (though not using) Beesoft Commander, and maybe for the newest (April 17th) ImageMagick (I'll let you know in a few days).

Thank you very much for the rundown of scripting language inclusions!
DMcCunney

Joined: 02 Feb 2009
Posts: 897

Posted: Fri 23 Apr 2010, 17:45

Sit Heel Speak wrote:
DMcCunney wrote:
Isn't Perl a standard port of current Puppy distros?
Perl has been in Puppy for years, maybe even from the beginning, look in /usr/bin and /usr/lib. 5.8.8 in older, 5.10.0 in the newest Puppies. 5.10.0 is required for building (though not using) Beesoft Commander, and maybe for the newest (April 17th) ImageMagick (I'll let you know in a few days).

Thanks. I wasn't sure, because I automatically install it as one of the first additions to a new installation if the distro doesn't include it.

Quote:
Thank you very much for the rundown of scripting language inclusions!

I just scratched the surface. TECO is available for Linux for the incurably retro (I posted a Linux version to the forums a while back). IBM's REXX language is available, in both Regina and IBM Object REXX builds. Lua gets used in Puppy, and is being embedded as a scripting language in a variety of things. (I believe Geany can be scripted in Lua.) TclTk is available for Puppy, as well as every other distro I'm aware of. Properly speaking, Python and Ruby are scripting languages, embeddable in other things, but each is powerful enough that complete applications can be written in it, similar to what is done with Java.

And that doesn't count shell scripting in ash, bash, csh, ksh, tcsh, or zsh among others.

Offhand, I think JavaScript may be the hot current scripting language. It was designed to be lightweight, object oriented, and embeddable, and there's a formal spec for it and several open source implementations (including one in Java). Most important, given its wide usage in web development, there are a large number of developers working in it.
______
Dennis