Welcome!

Adobe Flex Authors: Shelly Palmer, Elizabeth White, RealWire News Distribution, PR.com Newswire, Corey Roth

Related Topics: Adobe Flex

Adobe Flex: Blog Feed Post

The Next PDF You Open May Be Your Last

Yes, you can password-protect your PDFs

You know by now not to open unexpected email attachments, but what if someone that appears legit sends you a PDF? How harmful can it be? As it turns out, very. This week a harmless-looking invitation to a Nobel Prize ceremony was a nasty piece of business indeed. When saved to a hard drive and opened, it sets up a backdoor so that the bad guys can take over your PC at will, all while you think nothing is going on. What is troubling is that this isn’t new.

This PDF exploit has been around for several years, yet it seems that it doesn’t get much attention from the general public. The security community is all over it. Here is a collection of articles that appeared on SearchSecurity.com earlier this summer that tells corporate IT folks how to secure these type of files.

And here is a video screencast that shows you the exploit in its gory detail.

So why hasn’t word gotten out? Why hasn’t Adobe fixed this issue? Well, they try, but the structure of the PDF format itself makes it hard to secure. It even has the nasty habit of saving revisions, so some hackers can go in and review previous versions and redacted text.

Yes, you can password-protect your PDFs. You can also sign them, so that your recipients know that they haven’t been tampered or forged by anyone in transit. But few people use these features. And because a PDF isn’t exactly an executable file, most of us are lulled into thinking that it is harmless.

As a test, go take a look and see if the version of Acrobat Reader on your PC is anywhere close to 9.4, which is the current one. I have seen people running version 5 or 6, which are years old – obviously, the older the version, the more likely it can be exploited. Take some time now to update your software to the current version.

And the next time you receive a PDF, take a moment to consider the consequences. Or use one of any number of free alternatives on Windows, or better yet, a Mac – its PDF viewer, the built-in Preview app, can’t be exploited as easily.

Read the original blog entry...

More Stories By David Strom

David Strom is an international authority on network and Internet technologies. He has written extensively on the topic for 20 years for a wide variety of print publications and websites, such as The New York Times, TechTarget.com, PC Week/eWeek, Internet.com, Network World, Infoworld, Computerworld, Small Business Computing, Communications Week, Windows Sources, c|net and news.com, Web Review, Tom's Hardware, EETimes, and many others.