[OWASP-Security101] Security Publications by PDF

NightShade avghacker at gmail.com
Wed Apr 25 18:59:14 UTC 2012


As with most things technology-related, there is a certain amount of 
implicit trust that we place in things like digital publications.  Is it 
possible for someone to gain access to the distribution server of these 
files and inject malicious exploits into the PDF...sure.  Is it likely?  
Probably not...

Another great example here is QR Codes.  We see them everywhere these 
days, but who's to say that the people printing them aren't embedding 
malicious links?  There is no tool (that I'm aware of) that will proxy 
the connection and check for malicious content in QR Codes...but we 
continue to use them.

I guess it really all boils down to trusting the provider of the content 
you are viewing and peer review (i.e. we trust Forbes digital magazine 
because millions of people read it without issue).


On 4/25/2012 8:51 AM, Patrick Laverty wrote:
> I keep seeing new security publications popping up like HITB and Club
> Hack where they're offering their content via PDF. But does anyone
> know if any of those files are being checked with anyone to see if
> they're safe? It sure would be interesting to offer a security
> magazine with a PDF vulnerability built in. That might be a little
> embarrassing.
>
> Or am I misunderstanding how much one can do with a malicious PDF?
>
> Thanks!
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org

