RE: Millions of PDF invisibly embedded with your internal disk p
Not you too... people talking about "enough for them to search your
computer" and "silent mapping of intranet." Enough already. The home path
is a local path or mapped drive letter. Not an IP or UNC. Even if it was,
"\\192.168.1.55\users\jsmith" is worthless. You don't even know the source
of the document. Don't we have enough to deal with than waste time with
this? You actually think the security team needs to be aware of this and
make policies to scan and replace metadata in pdf's? Why not have them
start off by cleaning up Word docs just to show us they are capable of it
in the first place.
My homepath is c:\users\tmullen. My IP address is 192.168.1.3. Go ahead,
map away.
Bonsai kittens, search warrants, silent intranet mapping and autonomous
amelioration tools. People have lost their minds. Check the headers on
people's email if you want a map of the intranet. Meh.
t
-----Original Message-----
From: Nick FitzGerald [mailto:nick@virus-l.demon.co.uk]
Sent: Friday, December 04, 2009 1:51 PM
To: bugtraq@securityfocus.com
Subject: Re: Millions of PDF invisibly embedded with your internal disk paths
Ian Bradshaw wrote:
> This isn't a security issue it's a privacy issue.
If the leaked, embedded paths can be things like UNCs or IP-based
internal server addresses, it is arguably a bit more than a privacy
issue, allowing silent, external, partial mapping of the corporate
intranet.
Not good if your organization is in the habit of making lots of PDFs
more or less publicly available from many departments, etc...
Definitely something the security team should be aware of and
(probably) making sure there are policies, and as necessary,
amelioration tools and processes, to handle such.
Regards,
Nick FitzGerald
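
The distinction argued over in this thread (local drive path versus UNC name or IP-based server address), as an added example that is not part of either message: a Python sketch that pulls Windows paths out of a PDF's raw bytes and classifies them before publication. The sample bytes, the `/Title` key and the `fileserver` host are constructed, and the regular expression is an assumption about how such paths appear in uncompressed PDF strings.

```python
import re
from ipaddress import ip_address

# Drive-letter or UNC prefix, then one or more path components.
# PDF literal strings escape "\" as "\\", so doubled backslashes are accepted too.
PATH_RE = re.compile(
    rb'(?:\b([A-Za-z]):|\\{2,4}([A-Za-z0-9.-]+))'
    rb'((?:\\{1,2}[^\\/:*?"<>|()\r\n\x00]+)+)'
)

def classify_paths(data: bytes):
    """Return sorted (kind, path) pairs for Windows paths found in raw bytes.

    Only uncompressed, single-byte text is searched; compressed streams and
    UTF-16 strings are out of scope for this sketch.
    """
    found = set()
    for m in PATH_RE.finditer(data):
        drive, host, tail = m.groups()
        # Collapse escaped (doubled) backslashes into single separators.
        tail = re.sub(rb"\\+", rb"\\", tail).decode("latin-1").rstrip()
        if drive:
            found.add(("local-drive", f"{drive.decode().upper()}:{tail}"))
            continue
        host = host.decode()
        try:
            ip_address(host)      # host part is a literal IP address
            kind = "unc-ip"
        except ValueError:
            kind = "unc-host"     # host part is a server name
        found.add((kind, f"\\\\{host}{tail}"))
    return sorted(found)

# Constructed sample: three metadata strings as they could sit in a PDF body.
SAMPLE = (
    rb"<< /Title (C:\\users\\tmullen\\report.doc) >>" b"\n"
    rb"<< /Title (\\\\192.168.1.55\\users\\jsmith\\plan.doc) >>" b"\n"
    rb"<< /Title (\\\\fileserver\\dept\\budget.xls) >>" b"\n"
)

if __name__ == "__main__":
    for kind, path in classify_paths(SAMPLE):
        print(f"{kind:12} {path}")
```
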