No. 1 Story

Construction needs cloud flexibility

Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Recruitment technology and social media have played a significant role in growing business in...
It's no longer unusual for a household or small business to use a mixed...
It's no longer unusual for a household or small business to use a mixed...

PDF links may have a sting in the tail

Your IT - Home IT

A weakness in the Adobe Reader plugin's execution of JavaScript can be combined with a cross site scripting attack with "breathtaking" ease, a security researcher has warned.

Writing in Symantec's Security Response Weblog, senior security response engineer Hon Lau said an attack could be made via any web site that hosts a PDF file as no server-side vulnerabilities were involved: "anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime."

An exploit would involve persuading a user to click on a specially-formed URL that points to a legitimate PDF file but also contains JavaScript attack code. "Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," warned Lau.

However, the problem seems to be specific to Firefox and can be avoided by changing settings so that PDF files are opened by the Acrobat Reader application rather than the plugin, Lau advised. Other defences include JavaScript filtering at the firewall.