RE: Millions of PDF invisibly embedded with your internal disk paths
(Fixing rejected post)
Meh. I replied to something similar off-list.
"Leaking" a pdf with 'e:\nethome\joe_kitten_lover' doesn't remotely "prove" anything. If I create a user called MayIMommaDogFaceToTheBannanPatch and "leaked" a pdf, it doesn't mean Steve Martin was culpable. This is a non-issue, no matter how much you might want to create some fanciful "bonsai kitten" theory to get Joe in trouble, dawg.
t
From: WebDawg [mailto:webdawg@gmail.com]
Sent: Thursday, December 03, 2009 1:58 PM
To: Pavel Machek
Cc: Patrick Webster; Thor (Hammer of God); bugtraq@securityfocus.com
Subject: Re: Millions of PDF invisibly embedded with your internal disk paths
While the risk may not be large, it is still information that should not be leaked. Leaky computers should always be plugged.
On Thu, Dec 3, 2009 at 4:01 AM, Pavel Machek <pavel@ucw.cz> wrote:
Hi!
> I agree. Discovering the local path may be considered a risk, but in
> most cases the risk is nil.
Often, risk is not big, agreed.
> Considering that, perhaps for the PDF format specifically this could
> be an issue, under the assumption that consumers use PDF
> /specifically/ to prevent data leakage.
Exactly. Imagine someone posting (anonymously) a copy of EvilCorp's
internal web pages, that prove EvilCorp is planning to produce bonsai
kitten, as .pdf. If the pdf contains 'e:\nethome\joe_kitten_lover'
... then, well, Joe has a problem.
(It would be bad if that .pdf contained username/hostname, too; I
could imagine even timestamps being problematic.)
(And yes, similar problems are elsewhere. Exif contains way too much
information, if you try to leak pictures of bonsai kitten from digital
camera.)
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
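An added pre-release check, not from anyone in this thread, that scans a PDF's raw bytes for the kind of identifying strings Pavel describes (local and UNC paths, plus the Author/Creator/Producer/Title entries of the Info dictionary). The sample PDF bytes and the regexes are constructed for illustration.

```python
import re

# Constructed, minimal PDF-like byte string: a producer that embeds a local
# path (the thread's example) in a file specification and the user's name
# in the Info dictionary. Not a real document.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"3 0 obj << /Title (Plan) /Author (joe) /Producer (ExamplePrinter 1.0) >> endobj\n"
    b"4 0 obj << /Type /Filespec /F (e:\\nethome\\joe_kitten_lover\\bonsai.doc) >> endobj\n"
    b"trailer << /Info 3 0 R >>\n%%EOF\n"
)

# Drive-letter paths (e:\...) and UNC paths (\\host\share\...). Heuristic,
# assumed patterns; they stop at whitespace and PDF string delimiters.
PATH_RE = re.compile(rb"(?:[A-Za-z]:\\|\\\\[^\\\s()]+\\)[^\s()]*")
# Literal-string entries of the Info dictionary that commonly carry a
# user or machine name.
INFO_RE = re.compile(rb"(/Author|/Creator|/Producer|/Title)\s*\(([^)]*)\)")
# Hostname part of a UNC path, e.g. \\fileserver\share -> fileserver.
UNC_HOST_RE = re.compile(rb"^\\\\([^\\]+)\\")


def find_leaks(pdf_bytes):
    """Return (kind, value) findings; the input is not modified."""
    findings = []
    for m in PATH_RE.finditer(pdf_bytes):
        path = m.group(0)
        findings.append(("path", path.decode("latin-1")))
        host = UNC_HOST_RE.match(path)
        if host:
            findings.append(("hostname", host.group(1).decode("latin-1")))
    for m in INFO_RE.finditer(pdf_bytes):
        findings.append((m.group(1).decode("latin-1"),
                         m.group(2).decode("latin-1")))
    return findings


def is_safe_to_publish(pdf_bytes):
    """True only if no path or identifying Info entry was found."""
    return not any(kind in ("path", "hostname", "/Author")
                   for kind, _ in find_leaks(pdf_bytes))


if __name__ == "__main__":
    for kind, value in find_leaks(SAMPLE_PDF):
        print(f"{kind}: {value}")
    print("safe:", is_safe_to_publish(SAMPLE_PDF))
```

A byte scan like this only sees uncompressed literal strings; in PDF 1.5+ the Info dictionary and file specifications may sit inside compressed object streams or be hex-encoded, so a real check should first decompress streams with a PDF library.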