Home » Uncategorized

Hacker Toolkits aim to exploit PDF vulnerabilities

27 Sep 2008 | | No Comment

Reena over at the Investintech.com blog has written a post that highlights a few toolkits that could be used to exploit PDF vulnerabilities:

We all know that the PDF has had its share of PDF vulnerabilities.  FromUXSS to PDF spamming, the PDF has been targeted for its wide user base, compatibility across different systems and its reputation as a commonly deployed format for many of today’s enterprises.

And…

A hacking toolkit called the “PDF Xploit Pack” is reportedly taking advantage of PDF vulnerabilities to gain access to the user information of infected computers. According to a blog posting on worldwide communications resource company, TrustedSource, the PDF Xploit Pack is a new toolkit that targets only PDF files.

She concludes with this:

The US Computer Emergency Readiness Team (US-CERT) believes in this too.  On their website it recommends not opening files you don’t trust, making sure you’ve got anti-virus programs installed, and keeping your software updated with the latest patches and versions.

It’s unfortunate, but the very nature of computers means that we’re more vulnerable to attack than we would be if some trickster came to our front door and tried to scam us. It seems like on the Internet we’re less vulnerable to a physical attack, so we aren’t as cautious. Our natural instincts desert us.

Thank of it this way: everytime you download and open/install something that you don’t trust, or don’t know where it came from, it’s the same thing as lending your house key to a theif — you’re leaving yourself wide open to attack.

The medium here is really irrelevant — it could be a PDF document that arrives as an email attachment, or an executable that a website asks you to download — your first reaction should be: if you don’t trust it, leave it alone.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave your response!

You must be logged in to post a comment.