-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2006-01-25 at 16:01 -0800, Crispin Cowan wrote:
* PDF: Did you know that the PDF standard allows for embedded Javascript? And that the Adobe Acrobat viewer executes this Javascript? Much much scarier than web bugs. o Danger: This Javascript is *explicitly* used by various document providers (marketing) to determine who is reading their documents. o Danger: Javascript is a programming language, and they can embed as much malicious code as they want to, running with the privilege as the user displaying the document. Do not *ever* view a PDF as root.
I thought this only applied to acrobat version 7. Also, I though that other viewers, like xpdf, were safe in this respect. A trick was published here about how to block acroread from contacting internet outside, using the local machine firewall.
This message was composed in HTML, and then rendered down into 7-bit ASCII before sending, for your safety :)
Very interesting writeup, thank you! - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFD2BzNtTMYHG2NR9URAtBXAKCQJ9rTOkAmxYW3T8eObrQPbLgJSgCggvPJ caUl31joikJ1LYueNlSOnbk= =tcS2 -----END PGP SIGNATURE-----