PDF Security Issues Doing your bit to help Betsy Kent May 2010.

Slides:

Advertisements

Similar presentations

Chapter 10 Fine-tuning, Completing, and Publishing Your Project.

Advertisements

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Choose and Book Archive New functionality from November 2012.

A lesson approach © 2011 The McGraw-Hill Companies, Inc. All rights reserved. a lesson approach Microsoft® PowerPoint 2010 © 2011 The McGraw-Hill Companies,

Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.

Digital Rights Management: The Technology behind the Hype Mark Stamp Department of Computer Science San Jose State University.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

PDF Automation Advance through the slides by clicking on the blue triangle box located in the lower right hand corner of the presentation.

Lesson 6 Templates. 2 3 TEMPLATE: Also referred to as a “boiler plate” and thought of as a pattern for a series of similar documents. FILE - NEW - Choose.

Lesson 6 – Part 6 Word Lesson 6 presentation prepared by Michele Smith – North Buncombe High School, Weaverville, NC. Content from Microsoft Office Word.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Using a Template to Create a Resume and Sharing a Finished Document

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic JavaScript: Introduction to Scripting.

Server-Side vs. Client-Side Scripting Languages

RIMS II Online Order and Delivery System Tutorial on Downloading and Viewing Multipliers.

We have you by the gadgets Hitting your OS below the belt.

Computer Literacy BASICS: A Comprehensive Guide to IC 3, 5 th Edition Lesson 14 Sharing Documents 1 Morrison / Wells / Ruffolo.

Mat-100 Instructions for download and completing form.

Adobe Acrobat. Overview Basic Skills – Updating – Making – Updating – Sending Advanced – Form creation – Data Exportation Help Resources.

Commonwealth of Massachusetts Department of Industrial Accidents Formatting Conference Documents in PDF for Impartial Physicians This tutorial is designed.

© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely John Deere presents:

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

4.1 JavaScript Introduction

Cyber Patriot Training

Information Systems Security LAÏMOUCHE El Hadj, DAVY Benjamin 1source :

Tutorial 11 Installing, Updating, and Configuring Software

Copyright © 2008 Pearson Prentice Hall. All rights reserved. 1 Exploring Microsoft Office Word 2007 Chapter 7 The Advanced User Robert Grauer, Keith Mulbery,

Windermere Photo Gallery A Walkthrough of What’s New.

Copyright 2000 eMation SECURITY - Controlling Data Access with

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

NETPDTC-hosted AIM Central Site New Users Guide

1. Chapter 25 Protecting and Preparing Documents.

VistA Imaging Capture via Scanning. October VistA Imaging Capture via Scanning The information in this documentation includes only new and updated.

SuccessMaker. Where are they? Math: Intranet On a server at Vanhoose Reading Web-based.

1.Obtaining software 2.Sample pdf for this presentation 3.Checking accessibility of the pdf 4.Tackling inaccessibility 5.Tips and helpful links How to.

What is a PDF?. Question…  Does everyone own a Mac computer?  Does everyone own the same programs/applications on their computers?  Does everyone have.

Managing Student Documents. What we will cover: Document Basics Document Categories Confidential Documents Document Forwarding Document Approval Document.

~Computer Virus~ The things you MUST know Brought to You By Sumanta Majumdar Dept. Of Electrical Engg. 2010,GNIT

Copyright © , Solutionary, Inc. Current Adobe Exploits  2 different exploits in play  “Here you have”, “Just for you”  No Advisory – PDF Masking.

LOGGING IN & ROLES PolicyTech Business & Financial Affairs

1 Lesson 14 Sharing Documents Computer Literacy BASICS: A Comprehensive Guide to IC 3, 4 th Edition Morrison / Wells.

How –to guide for Step by Step instructions on sharing your references in RefWorks.

DSS Tips and Tricks A Must-Read for DSS Beginners Rev. Apr 2008.

Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.

Lesson 6 – Part 2 Word Lesson 6 presentation prepared by Michele Smith – North Buncombe High School, Weaverville, NC. Content from Microsoft Office Word.

CACI Proprietary Information | Date 1 PD² SR13 Client Upgrade Name: Semarria Rosemond Title: Systems Analyst, Lead Date: December 8, 2011.

Lesson 6 Word Lesson 6 presentation prepared by Michele Smith – North Buncombe High School, Weaverville, NC. Content from Microsoft Office Word 2010 Lesson.

Ransomware BISD Technology Department. Ransomware Ransomware is a type of malicious software (malware) that infects a computer and/or mobile device and.

Intro to Google Docs 2014.

ArcGIS for Server Security: Advanced

Work on the Fly Hosted Solutions for Timeslips Customers

How to Change a Microsoft Word Document to a PDF Fillable Form!

How to use the Travel Claim Form

Contact QuickBooks File Doctor

IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.

Lesson 14 Sharing Documents

How to customize your Microsoft SharePoint Online website

IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.

WEB PROGRAMMING JavaScript.

AppExchange Security Certification

Connecting Remotely Winter 2014.

Microsoft PowerPoint 2007 – Unit 2

Bethesda Cybersecurity Club

IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.

IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.

IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.

Microsoft Word 2010 Lesson 6 – Part 6

How To Password Protect A PDF Free With or Without Acrobat.

Presentation transcript:

PDF Security Issues Doing your bit to help Betsy Kent May 2010

They’re out there Malicious PDFs comprised 80 percent of all exploits for 2009 Dancho Danchev 2/16/2010

MS Word Dethroned Files based on Reader were exploited in almost 49 per cent of the targeted attacks of 2009, compared with about 39 per cent that took aim at Microsoft Word. By comparison, in 2008, Acrobat was targeted in almost 29 per cent of attacks and Word was exploited by almost 35 per cent. Bruce Schneier on Security

Why Choose PDF? “… the increasing use of malicious PDFs can also be interpreted as the direct result of the millions of users using outdated and exploitable Adobe products … ScanSafe’s report shows that Adobe Acrobat/Reader exploits grew while the use of Flash exploits declined... “while the use of Flash exploits declined Dancho Danchev

80% using outdated versions Trustseer claims that 83.5% of users are running a vulnerable version of Acrobat. “…Data published by Secunia two months ago, indicates the same trend that cybercriminals have been aware of for a while now, namely, that the average insecure program per PC rate is still high, with 3 insecure programs in the U.S on average, and 4 insecure programs per PC in Europe based on the company’s data. “the average insecure program per PC rate is still high Dancho Danchev

No Vulnerability Required! PDF executes embedded executable via a launch action Foxit Reader doesn’t even give a warning Acrobat Reader warning can be edited cape-from-pdf/

DEMO “In this proof of concept I have one benign PDF document titled “empty.pdf” and another evil PDF document titled “ownit.pdf”. The ownit.pdf file contains my custom code that when opened prompts the user to allow the execution of this code and if the user clicks “ok” this code will inject an incremental update into the empty.pdf file. “

It’s out there Didier Steven’s proof of concept has been seen in the wild: no Javascript required “…and embeds the executable as a PDF comment. Within this PDF comment is a simple vbscript that encodes the executable as an ANSI character code array which is latter extracted from the PDF file, converted to binary form, written to the user’s computer as “game.exe” and executed…”

What Can You Do? Talk to your manager or client Adobe’s recommended Workaround executable-hack/6028?p=6028&tag=rbxccnbzd1 executable-hack/6028?p=6028&tag=rbxccnbzd1 “Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”

Zeus crimeware s The messages appear to be forwarded from a Director of Information Services who apparently received update instructions directly from an associate at Adobe. The message from the Adobe associate states that the update link is to patch CVE There are two links in the message which lead to the same IP address hosting a PDF file for instructions and an executable which is meant to be the patch to apply.CVE

PDF Specification 1.5 spec Note: Once the document has been opened and decrypted successfully, the viewer application has access to the entire contents of the document. There is nothing inherent in PDF encryption that enforces the document permissions specified in the encryption dictionary. It is up to the implementors of PDF viewer applications to respect the intent of the document creator by restricting user access to an encrypted PDF file according to the permissions contained in the file. Note: PDF 1.5 introduces a new set of access permissions that do not require the document to be encrypted; see Section 8.7.3, “Permissions.”

References comprised-80-percent-of-all-exploits-for- 2009/5473?tag=mantle_skin;content Report: Malicious PDF files comprised 80 percent of all exploits for 2009http:// comprised-80-percent-of-all-exploits-for- 2009/5473?tag=mantle_skin;content ml PDF the Most Common Malware Vectorhttp:// ml running-unpatched-versions-of- flashacrobat/4097?tag=mantle_skin;content Unpatched Acrobathttp:// running-unpatched-versions-of- flashacrobat/4097?tag=mantle_skin;content Escape from PDF seen in the wildhttp:// pdf-executable-trickery/6055?p=6055&tag=nl.e539

References (continued) pdf-embedded-executable-hack/6028?p=6028&tag=rbxccnbzd1 Workaround for the embedded executable hackhttp:// pdf-embedded-executable-hack/6028?p=6028&tag=rbxccnbzd1 apps-fake-amazon-orders-and-bogus-adobe- updates/6480?tag=nl.e539 Bogus Adobe updateshttp:// apps-fake-amazon-orders-and-bogus-adobe- updates/6480?tag=nl.e539