iTWire - PDF links may have a sting in the tail

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

PDF links may have a sting in the tail

PDF links may have a sting in the tail

E-mail

by Stephen Withers
Thursday, 04 January 2007
A weakness in the Adobe Reader plugin's execution of JavaScript can be combined with a cross site scripting attack with "breathtaking" ease, a security researcher has warned. Featured Whitepaper 5 Best Practices for Smartphone Support Writing in Symantec's Security Response Weblog, senior security response engineer Hon Lau said an attack could be made via any web site that hosts a PDF file as no server-side vulnerabilities were involved: "anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime." An exploit would involve persuading a user to click on a specially-formed URL that points to a legitimate PDF file but also contains JavaScript attack code. "Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," warned Lau. However, the problem seems to be specific to Firefox and can be avoided by changing settings so that PDF files are opened by the Acrobat Reader application rather than the plugin, Lau advised. Other defences include JavaScript filtering at the firewall.{moscomment} Tags See All Tags Browsers Internet Malware Security Software Stephen Withers Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Internet Security Predictions for 2010 from AVG (AU/NZ)

Frost & Sullivan Awards Websense Australian Secure Content Management Vendor of The Year

TANDBERG Awarded Australia Video Conferencing Vendor Of The Year By Frost & Sullivan

World Leader in IT Power Management Appoints Channel Partner for South Pacific

MicroStrategy Reporting Suite Provides Seamless BI Reporting for Microsoft Analysis Services

Thunderhead Appoints Phil Walker as Managing Director of Asia Pacific and Europe

Heathrow Airport Terminal 5 Live with Progress Software

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking