[David Strom's Web Informant] 10 November 2011: The next PDF you open may be your last

David Strom david at strom.com
Wed Nov 10 12:35:44 EST 2010


Web Informant 10 November 2011:  The next PDF you open may be your last

You know by now not to open unexpected email attachments, but what if
someone who appears legit sends you a PDF? How harmful can it be? As
it turns out, very. This week a harmless-looking invitation to a Nobel
Prize ceremony was a nasty piece of business indeed. When saved to a
hard drive and opened, it sets up a backdoor so that the bad guys can
take over your PC at will, all while you think nothing is going on.
What is troubling is that this isn't new.

This PDF exploit has been around for several years, yet it seems that
it doesn't get much attention from the general public. The security
community is all over it. Here is a collection of articles that
appeared on SearchSecurity.com earlier this summer that tells
corporate IT folks how to secure these types of files:
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1518488,00.html

And here is a video screencast that shows you the exploit in its gory detail:
http://www.youtube.com/watch?v=fmoBk3gyg4w

So why hasn't word gotten out? Why hasn't Adobe fixed this issue?
Well, they try, but the structure of the PDF format itself makes it
hard to secure. It even has the nasty habit of saving revisions, so
some hackers can go in and review previous versions and redacted text.
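
A check for the leftover revisions described above, added here as an example (it is not part of the original newsletter): it counts the saves recorded in a PDF and lists objects whose earlier copies are still in the file, which tells you the document needs a clean re-export before it is shared. The sample bytes and the names `split_revisions` and `audit` are constructed for illustration.

```python
import re

# Constructed sample, not a real document: a one-page PDF saved once, then
# "redacted" by an incremental save. Xref offsets are placeholders.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 25 >>\nstream\nBT (Salary: 123456) Tj ET\nendstream\nendobj\n"
    b"xref\n0 5\ntrailer\n<< /Size 5 /Root 1 0 R >>\nstartxref\n0\n%%EOF\n"
    b"4 0 obj\n<< /Length 29 >>\nstream\nBT (Salary: [redacted]) Tj ET\nendstream\nendobj\n"
    b"xref\n4 1\ntrailer\n<< /Size 5 /Root 1 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)

# Every save writes one "startxref <offset> %%EOF" footer; an incremental
# save appends a new section after the old one instead of rewriting the file.
FOOTER = re.compile(rb"startxref\s+\d+\s+%%EOF")
OBJ = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b")

def split_revisions(data: bytes) -> list:
    """Return the bytes each save appended, oldest first."""
    revisions, start = [], 0
    for m in FOOTER.finditer(data):
        revisions.append(data[start:m.end()])
        start = m.end()
    return revisions

def audit(data: bytes) -> dict:
    """Count saved revisions and list objects whose old copies remain in the file.

    Heuristic byte scan: objects packed in compressed object streams are not
    seen, and a linearized file can show an extra footer without any edit.
    """
    first_seen, superseded = {}, []
    revisions = split_revisions(data)
    for idx, rev in enumerate(revisions, start=1):
        for num, gen in OBJ.findall(rev):
            key = (int(num), int(gen))
            if key in first_seen and first_seen[key] != idx:
                # (object id, revision it first appeared in, revision that rewrote it)
                superseded.append((key, first_seen[key], idx))
            first_seen.setdefault(key, idx)
    return {"revisions": len(revisions),
            "superseded": superseded,
            "has_prev_pointer": b"/Prev" in data}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result with more than one revision or a non-empty `superseded` list means the earlier content still travels with the file.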

Yes, you can password-protect your PDFs. You can also sign them, so
that your recipients know that they haven't been tampered with or
forged by anyone in transit. You can share PDFs using Acrobat.com online or
Google Docs or similar services. But few people use these features.
And because a PDF isn't exactly an executable file, most of us are
lulled into thinking that it is harmless.

As a test, go take a look and see if the version of Acrobat Reader on
your PC is anywhere close to 9.4, which is the current one. I have
seen people running version 5 or 6, which are years old – obviously,
the older the version, the more likely it can be exploited. Take some
time now to update your software to the current version.

And the next time you receive a PDF, take a moment to consider the
consequences. Or use one of any number of free alternatives on
Windows, or better yet, a Mac – its PDF viewer, the built-in Preview
app, can't be exploited as easily.

Retweet this: @dstrom says PDFs are insecure and ways to make them
less so -- http://bit.ly/bgs5Rb