Bill Williams (IT): Support Site
[home]
|
[profile]
|
[register]
|
[help]
|
[Contact Us]
Revise:
Note: You must be registered in order to post a Topic or Comment.
To register,
click here
.
Note: Only the poster of this message, and the moderator can edit the message.
Your UserName:
Your Passkey:
Forgot your passkey?
[Click Here]
Byline:
for Staff use.
Body Text:
For a guide to
embellishing
the text,
click
here
A new form of exploit arose recently which was the cause of over 80% of the infections last year (or the year before). http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_for_80_of_all_exploits_says_researcher [a]http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_for_80_of_all_exploits_says_researcher[/a] Some idiot in Adobe Inc thought it would be a great idea if PDF files (Portable Document Format) could also be forms for filling in and it would be 'nice' if the designer of the form was able to program in checks on values etc before the complete form was sent back to the originator. Adobe did this by including the ability to write programs in the language Javascript within a PDF file. In essence not a bad idea, BUT, the number of PDF files including forms is probably way below the 1% mark, yet Adobe chose to ENABLE this capability by default i.e. PDF files can contain executable programs INCLUDING MALWARE and since Adobe Reader version 6 onwards this can execute silently. In itself, this is not bad because the Javascript is supposed to be limited to performing actions relating to the form, but the problem is that just about all the software written by Adobe is riddled with insecurities, many of the buffer-overflow type. This means that malware in a PDF file can exploit one of these insecurities to inject instructions into Adobe Acrobat Reader and those instructions can install a trojan into the rest of the victim's computer. [blue][i]Adobe inc do not make it easy to find the list of exploits & fixes, it is not on their main menues, but if you want to see the raw facts click this [a]http://www.adobe.com/support/security/index.html[/a] [/i][/blue] Adobe have been issuing patches frequently to fix these insecurities, which is why it is very important that if you want to use an Adobe Reader later than version 5 it is very important that you update to the latest version and that you allow it to download further updates. Despite knowing all the chaos they have caused and despite the very small quantity of legitimate PDF files that need Javascript, Adobe have not (yet?) done the obvious thing of turning off Javascript by default and then popping up a box if it is actually needed. Despit the fact that they actually reccommend turning it off.. What egotistical wallies!! [a]http://www.computerweekly.com/Articles/2009/10/12/238093/Adobe-recommends-disabling-JavaScript-to-avoid-PDF-hack.htm[/a] Turning off Javascript does not make it completely safe, but it is a lot safer. Revised on 10 Apr 2011
Check here to include your profile signature.
Check here Remember Details.
Go to Home Page