|
|
 |
| New User, Welcome! Login |
Re: Millions of PDF invisibly embedded with your internal disk paths
| From: |
Patrick Webster <sflist aushack com> |
| To: |
"Thor (Hammer of God)" <thor hammerofgod com> |
| Cc: |
"bugtraq securityfocus com" <bugtraq securityfocus com> |
| Subject: |
Re: Millions of PDF invisibly embedded with your internal disk paths |
| Date: |
Wed - Nov 25, 2009 01:40 AM |
I agree. Discovering the local path may be considered a risk, but in
most cases the risk is nil.
Consider compiled binaries. They also leak paths of the developer's
compile environment (mainly PDB -
http://support.microsoft.com/kb/121366). E.g. My firefox.exe is:
e:\builds\moz2_slave\win32_build\build\obj-firefox\browser\app\firefox.pdb
This reminds me of the iPhone worm. Everyone knew about the default
root password years ago... it is not like people weren't already
scanning for gaolbroken phones before worms were released >:)
Then again, the worm brought attention to the fact.
PDF's are mainly used for two reasons:
1) Prevent end-user modification
2) Because Microsoft Word conceals information & tracks changes etc,
and too many government & enterprise organisations have been bitten by
it that PDF is a rule of thumb. At least in my experience.
Considering that, perhaps for the PDF format specifically this could
be an issue, under the assumption that consumers use PDF
/specifically/ to prevent data leakage.
-Patrick
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
