Just in case you're not into checking the PDF news on a regular basis: earlier this month, a security vulnerability was disclosed in older versions of Adobe Reader and Acrobat. On the one hand, it can be protected against without too much difficulty. On the other, it can be tricky to detect.
The vulnerability stems from a well-known attack technique, Cross Site Scripting (XSS). Although XSS is nothing new, it is one of the most common ways to quietly steal session cookies and other sensitive information from a site's users without their being any the wiser. This time the target is the PDF browser plug-in, and the variant has been dubbed Universal Cross Site Scripting (UXSS): "universal" because the flaw is in the client software, not in any particular website, so practically any site that hosts a PDF can be used as the stage.
Websites that host PDF files link to them by URL, and a malicious user can append their own JavaScript to that URL, after the `#` sign, where the Acrobat plug-in reads its parameters. When you follow the link, the plug-in runs that JavaScript in your browser in the context of the site hosting the PDF, so the script can read that site's cookies and act as you on it.
Because the manipulated part of the URL is the fragment (everything after the `#`), the browser never sends it to the web server: the server's logs show a perfectly ordinary request for the PDF, which is what makes this so tricky to detect. The attacker doesn't need to plant anything on the hosting site, either. All it takes is one click on a crafted link to any of the countless PDF files already posted on-line.
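To make the detection problem and the hosting-side hardening step concrete, here is a small added example. It is my code, not from the original post and not from Adobe; it assumes only what's described above (the payload rides in the URL fragment as key=value parameters), and the sample link, the `FDF` parameter name and the `reports/annual.pdf` path are constructed for illustration.

```python
"""UXSS via a PDF link: what the server sees, what a link filter can see,
and a hosting-side hardening header.  Added example, not the post's own code."""
from __future__ import annotations

from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample: an ordinary PDF URL with an attacker-appended fragment.
# The "FDF" parameter name and the path are illustrative assumptions.
SAMPLE_LINK = (
    "http://www.example.com/reports/annual.pdf"
    "#FDF=javascript:alert(document.cookie)"
)
CLEAN_LINK = "http://www.example.com/reports/annual.pdf"


def request_target(url: str) -> str:
    """Return the request-target the browser actually puts on the wire.

    The fragment (after '#') is client-side only and is never transmitted,
    so the crafted link and the clean link produce identical log lines.
    """
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


def fragment_params(url: str) -> list[tuple[str, str]]:
    """Parse key=value pairs out of the fragment, the way a plug-in that
    reads its parameters from the URL would see them."""
    return parse_qsl(urlsplit(url).fragment, keep_blank_values=True)


def carries_script_payload(url: str) -> bool:
    """True if any fragment parameter value is a javascript: URL.

    Only usable where the full link is visible (a client-side script on your
    own pages, a mail/IM link filter), never from server logs.  The value is
    percent-decoded a second time and stripped of whitespace/control
    characters so that double-encoding and 'java\\nscript:' tricks don't slip by.
    """
    for _, value in fragment_params(url):
        decoded = unquote(value)
        cleaned = "".join(c for c in decoded if not c.isspace() and ord(c) >= 0x20)
        if cleaned.lower().startswith("javascript:"):
            return True
    return False


def pdf_download_headers(filename: str) -> dict[str, str]:
    """Response headers a hosting site can send for its PDFs.

    'Content-Disposition: attachment' makes the browser save the file (or
    open it in the stand-alone reader) instead of handing it, URL fragment
    and all, to the in-browser plug-in where the injected script would run.
    The file name is sanitised so it cannot break the header.
    """
    safe_name = "".join(c for c in filename if c not in '"\r\n')
    return {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


if __name__ == "__main__":
    print("server sees (crafted):", request_target(SAMPLE_LINK))
    print("server sees (clean):  ", request_target(CLEAN_LINK))
    print("link filter verdict:  ", carries_script_payload(SAMPLE_LINK))
    print("hardened headers:     ", pdf_download_headers("annual.pdf"))
```

The first function is the detection caveat in one line: the request for the crafted link and for the clean link are byte-for-byte identical on the server side. The header helper is the hosting-side hardening step; it is a mitigation that keeps the plug-in out of the picture, not a fix, which is the updated Reader.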
Are You Safe?
The most vulnerable are users with older versions of Adobe Acrobat and Reader, v7.0.8 and earlier. Reportedly, Firefox 1.5.0.8 and 2.0.0.1 and Opera 9.x with earlier Acrobat/Reader plug-ins were susceptible to UXSS, and IE 6.x with Acrobat/Reader v6.0.1 was also open to attack. With the latest versions of Acrobat and Reader, there were reports of error dialogue boxes warning that the file couldn't be opened. I actually experienced this while researching UXSS for this posting!
To minimize the risk, updating your PDF software is one of the best precautions you can take, if you haven't already. On the Adobe site you can find patches posted for Reader and Acrobat v7.0.8 and earlier. Site owners can help their visitors too: serving PDFs so that they download rather than open in the browser plug-in keeps the plug-in, and any script injected into the link, out of the picture until users have patched. Unfortunately, while you may be looking out for the latest and best tech products for 2007, you might want to look out for the latest and worst bugs as well.