Here's a shock - I thought PDF's were safe...!


Seems there is a possible issue with PDF's - see story below from David Strom...

Never open attachments from people that you don't know...!
Web Informant 10 November 2011: The next PDF you open may be your last

You know by now not to open unexpected email attachments, but what if someone that appears legit sends you a PDF? How harmful can it be? As it turns out, very. This week a harmless-looking invitation to a Nobel Prize ceremony was a nasty piece of business indeed. When saved to a hard drive and opened, it sets up a backdoor so that the bad guys can take over your PC at will, all while you think nothing is going on.
What is troubling is that this isn't new.

This PDF exploit has been around for several years, yet it seems that it doesn't get much attention from the general public. The security community is all over it. Here is a collection of articles that appeared on SearchSecurity.com earlier this summer that tells corporate IT folks how to secure these type of files:
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1518488,00.html

And here is a video screencast that shows you the exploit in its gory detail:
http://www.youtube.com/watch?v=fmoBk3gyg4w

So why hasn't word gotten out? Why hasn't Adobe fixed this issue?
Well, they try, but the structure of the PDF format itself makes it hard to secure. It even has the nasty habit of saving revisions, so some hackers can go in and review previous versions and redacted text.

Yes, you can password-protect your PDFs. You can also sign them, so that your recipients know that they haven't been tampered or forged by anyone in transit. You can share PDFs using Acrobat.com online or Google Docs or similar services. But few people use these features.
And because a PDF isn't exactly an executable file, most of us are lulled into thinking that it is harmless.

As a test, go take a look and see if the version of Acrobat Reader on your PC is anywhere close to 9.4, which is the current one. I have seen people running version 5 or 6, which are years old obviously, the older the version, the more likely it can be exploited. Take some time now to update your software to the current version.

And the next time you receive a PDF, take a moment to consider the consequences. Or use one of any number of free alternatives on Windows, or better yet, a Mac its PDF viewer, the built-in Preview app, can't be exploited as easily.

Read more from David on the link below...

strom.com

<< Previous   | Next >>

Back to previous page