RE: Millions of PDF invisibly embedded with your internal disk paths
This isn't a security issue, it's a privacy issue.
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: 03 December 2009 22:27
To: bugtraq@securityfocus.com
Subject: RE: Millions of PDF invisibly embedded with your internal disk paths
(Fixing rejected post)
Meh. I replied to something similar off-list.
"Leaking" a pdf with 'e:\nethome\joe_kitten_lover' doesn't remotely "prove"
anything. If I create a user called MayIMommaDogFaceToTheBannanPatch and
"leaked" a pdf, it doesn't mean Steve Martin was culpable. This is a
non-issue, no matter how much you might want to create some fanciful "bonsai
kitten" theory to get Joe in trouble, dawg.
t
From: WebDawg [mailto:webdawg@gmail.com]
Sent: Thursday, December 03, 2009 1:58 PM
To: Pavel Machek
Cc: Patrick Webster; Thor (Hammer of God); bugtraq@securityfocus.com
Subject: Re: Millions of PDF invisibly embedded with your internal disk paths
While the risk may not be large, it is still information that should not be
leaked. Leaky computers should always be plugged.
On Thu, Dec 3, 2009 at 4:01 AM, Pavel Machek <pavel@ucw.cz> wrote:
Hi!
> I agree. Discovering the local path may be considered a risk, but in
> most cases the risk is nil.
Often, risk is not big, agreed.
> Considering that, perhaps for the PDF format specifically this could
> be an issue, under the assumption that consumers use PDF
> /specifically/ to prevent data leakage.
Exactly. Imagine someone posting (anonymously) a copy of EvilCorp's
internal web pages, that prove EvilCorp is planning to produce bonsai
kitten, as .pdf. If the pdf contains 'e:\nethome\joe_kitten_lover'
... then, well, Joe has a problem.
(It would be bad if that .pdf contained username/hostname, too; I
could imagine even timestamps being problematic.)
(And yes, similar problems are elsewhere. Exif contains way too much
information, if you try to leak pictures of bonsai kitten from digital
camera.)
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(Czech, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
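A pre-publication check of the kind this thread argues for, as an added example that is not from any of the posters: it pulls the literal and hex string objects out of a PDF, decodes their escapes, and reports drive, UNC and home-directory paths so they can be stripped before the file leaves the building. The path patterns, the sample document and its "Microsoft Word - ..." title are constructed for the example; compressed (FlateDecode) streams are not inflated, so a path sitting inside packed XMP or page content would not be seen by this code.

```python
import re

LITERAL_RE = re.compile(rb"\((?:[^()\\]|\\.)*\)", re.S)  # (...) with backslash escapes
HEX_RE = re.compile(rb"(?<!<)<([0-9A-Fa-f\s]*)>(?!>)")   # <hex digits>, but not << or >>
PATH_PATTERNS = {  # what should not leave the building in a published document
    "windows-drive": re.compile(r"\b[A-Za-z]:\\[^\s\"'<>|*?]+"),
    "unc": re.compile(r"\\\\[^\\\s]+\\[^\s\"'<>|*?]+"),
    "unix-home": re.compile(r"/(?:home|Users)/[^\s\"'<>|*?]+"),
}
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
        b"(": b"(", b")": b")", b"\\": b"\\"}

def unescape_literal(body: bytes) -> bytes:
    """Decode PDF literal-string escapes: \\\\ \\( \\) \\n..., octal \\ddd, and \\<EOL>."""
    def repl(m: re.Match) -> bytes:
        esc = m.group(1)
        if esc in _ESC:
            return _ESC[esc]
        if esc in (b"\r", b"\n", b"\r\n"):  # backslash-EOL is a line continuation
            return b""
        if esc[:1] in b"01234567":           # octal character code, 1 to 3 digits
            return bytes([int(esc, 8) & 0xFF])
        return esc  # unknown escape: the spec says ignore the backslash
    return re.sub(rb"\\(\r\n|[0-7]{1,3}|.)", repl, body, flags=re.S)

def pdf_strings(pdf: bytes) -> list[bytes]:
    """Every literal and hex string object in the file, decoded to raw bytes."""
    found = [unescape_literal(m.group()[1:-1]) for m in LITERAL_RE.finditer(pdf)]
    for m in HEX_RE.finditer(pdf):
        digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        found.append(bytes.fromhex(digits + "0" * (len(digits) % 2)))  # odd count pads with 0
    return found

def find_embedded_paths(pdf: bytes) -> list[tuple[str, str]]:
    """Distinct (kind, path) pairs for path-like values in the file's string objects."""
    hits: list[tuple[str, str]] = []
    for text in (raw.decode("latin-1") for raw in pdf_strings(pdf)):
        for kind, pattern in PATH_PATTERNS.items():
            hits += [(kind, m.group()) for m in pattern.finditer(text)
                     if (kind, m.group()) not in hits]
    return hits

SAMPLE_PDF = (  # constructed sample, not a real file; PDF literal strings double each backslash
    b"%PDF-1.4\n1 0 obj << /Title (Microsoft Word - e:\\\\nethome\\\\joe_kitten_lover\\\\report.doc) >> endobj\n"
    b"2 0 obj << /Type /Filespec /F <2f686f6d652f6a6f652f6472616674732f782e747874> >> endobj\n"
    b"3 0 obj << /UF (\\\\\\\\fileserver\\\\share\\\\plan.docx) >> endobj\n%%EOF\n"
)
```

Running find_embedded_paths(SAMPLE_PDF) reports the Windows path from the title, the UNC path from the file specification and the Unix home path hidden in the hex string.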