![](https://seccdn.libravatar.org/avatar/c065963ea79ed03bd707840a2104092a.jpg?s=120&d=mm&r=g)
On Friday 11 January 2008 03:12:46 Philippe Landau wrote:
Anders Johansson wrote:
On Friday 11 January 2008 02:25:57 Don Raboud wrote:
Among the options one can set in Acrobat reader is to specify a proxy which I usually set to 127.0.0.1 to avoid things like this. (I am not paranoid, just don't like the very idea.) Of course, being closed source one has no idea if acrobat reader honors these settings or not.
Sure one has. Just use wireshark to see what it does. It can't bypass that. No need to sit around guessing, or tell scary stories
I have a hunch lots of people already have done that though, and if it did bad things, we would have heard about it by now, a lot louder than vague rumours on mailing lists
No need to insult if you follow the provided link there (see below) or do some online research on your own confirming what is now known since over two years.
By the way, I just discovered that since late 2005, Adobe actually disabled this feature (the feature in question was that acroread let javascript silently download URLs in the background without telling the user- that was how the notification worked) If a PDF today tries to access a URL, acroread will tell the user about it and give him a chance to prevent it. I guess they responded to the articles - and I guess that's why all the articles about this are over two years old (not counting all the blogs that only quote those old articles) So I think this problem is gone from acroread, but again: to make sure, use wireshark to determine what the program actually does on the network And if anyone does discover something happening that should be happening, file a security bug about it. These things are taken seriously Anders -- Madness takes its toll -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org