
Sunday, May 24, 2009

Javascript and PDF

Have a look at Google's answer when both "PDF" and "Javascript" are in the search box. When I did, 4 of the 10 results I got were concerned with security flaws.
So, here is my initial question: Why should Javascript be put inside PDF files?
Answer: it's in the ISO standard defining PDF 1.7, which gives no precise details but at least references more detailed documents.

Web developers have long known that Javascript is a nest of problems, especially when it's not correctly documented. Adobe wants to extend the possibilities of its software and its file formats, and that's normal. However, I wish they did it differently. First, I wish they did not fold every innovation under a single "PDF" name, which refers to a format that users choose primarily because it's supposed to be portable, simple and rock-solid. Second, I wish they did not enable Javascript by default. Few users really require it, and even they recommend deactivating it.

Friday, April 24, 2009

Acrobat Reader dangerous target

Acrobat Reader, the most common PDF viewer, is heavily targeted by attackers using specially crafted PDF files. Through such attacks, access can be gained to the infected system, and other threats such as botnets can follow. The security company F-Secure recommends replacing it with an alternative viewer. (The news, from Slashdot.)

I remember foretelling this to colleagues six months ago.