Security Basics mailing list archives
AW: Manipulate PDFs with Malware
From: Günther, Sebastian <guenther.sebastian () googlemail com>
Date: Mon, 21 Jan 2013 19:06:02 +0100
Helle Together, i think you can only send an infected PDF Document in name of a trusted people or company. Regards Sebastian -----Ursprüngliche Nachricht----- Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im Auftrag von Adam Pal Gesendet: Montag, 21. Januar 2013 10:31 An: andre.silaghi () googlemail com Cc: security-basics () securityfocus com Betreff: Re: Manipulate PDFs with Malware Hi Andre, could you specify the context of the question or the risk you are refering to? Given the facts below, no i cannot think at any easy way to modify this information, at all it would not realy make sense to modify it during the opening process (process could be detected). Also it should be one of the next steps to verify the payment data (validation) before process it. Best regards, Adam Pal -------- Original-Nachricht --------
Datum: Sun, 20 Jan 2013 23:55:14 -0700 Von: Nick Clark <nick () clark-clan com> An: Andre Silaghi <andre.silaghi () googlemail com> CC: "security-basics () securityfocus com" <security-basics () securityfocus com> Betreff: Re: Manipulate PDFs with Malware
Depends on how the PDF is formed. If they are just using an image or flat text, I cannot think of any easy way to do this. If they are using a form, and this barcode has a set attribute field, then you could probably search for the field and replace it with whatever you'd like to. --- Nick Clark On Jan 19, 2013, at 10:59 PM, Andre Silaghi <andre.silaghi () googlemail com> wrote:Hello everybody, Let me just explain to you a scenario before I ask my question about it. You are starting to download a PDF file including a barcode which is used to identify some payment information like the ammount of money you have to pay and the receiver, maybe identified by another sequence which is included. Would it be possible to manipulate this barcode easily before or during the opening process of the PDF in order to change the payment information in a way that the attacker's information is encoded there? Have you any experience with malware like this? Best regards, André -------------------------------------------------------------------- ---- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs anSSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4 42f727d1-------------------------------------------------------------------- -------------------------------------------------------------------------- -- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4 42f727d1 ---------------------------------------------------------------------- --
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Manipulate PDFs with Malware Andre Silaghi (Jan 20)
- Re: Manipulate PDFs with Malware Nick Clark (Jan 20)
- Re: Manipulate PDFs with Malware Adam Pal (Jan 21)
- AW: Manipulate PDFs with Malware Günther , Sebastian (Jan 21)
- RE: Manipulate PDFs with Malware David Gillett (Jan 22)
- Re: Manipulate PDFs with Malware Adam Pal (Jan 21)
- RE: Manipulate PDFs with Malware Simon Thornton (Jan 23)
- AW: Manipulate PDFs with Malware Booth, Daryl (Jan 23)
- Re: Manipulate PDFs with Malware Andre Silaghi (Jan 29)
- Re: Manipulate PDFs with Malware Nick Clark (Jan 20)