[OWASP-Security101] Security Publications by PDF
avghacker at gmail.com
Wed Apr 25 18:59:14 UTC 2012
As with most things technology related there is a certain amount of
implicit trust that we place in things like digital publications. Is it
possible for someone to gain access to the distribution server of these
files and inject malicious exploits into the PDF...sure. Is it likely?
Another great example here is QR Codes. We see them everywhere these
days, but whose to say that they people printing them aren't embedding
malicious links? There is no tool (that I'm aware of) that will proxy
the connection and check for malicious content in QR Codes...but we
continue to use them.
I guess it really all boils down to trusting the provider of the content
you are viewing and peer review (ie. we trust Forbes digital magazine
because millions of people read it without issue).
On 4/25/2012 8:51 AM, Patrick Laverty wrote:
> I keep seeing new security publications popping up like HITB and Club
> Hack where they're offering their content via PDF. But does anyone
> know if any of those files are being checked with anyone to see if
> they're safe? It sure would be interesting to offer a security
> magazine with a PDF vulnerability built in. That might be a little
> Or am I misunderstanding how much one can do with a malicious PDF?
> Security101 mailing list
> Security101 at lists.owasp.org
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org
More information about the Security101