[From nobody Tue Nov 18 17:13:33 2008 Return-Path: <> X-Original-To: nextgens@freenetproject.org Delivered-To: nextgens@freenetproject.org Received: by emu.freenetproject.org (Postfix, from userid 108) id 2A1E69BF29; Wed, 13 Sep 2006 16:06:47 +0000 (UTC) Received: from mx.laposte.net (mx.laposte.net [81.255.54.11]) by emu.freenetproject.org (Postfix) with ESMTP id B5A7F9BB2C for <nextgens@freenetproject.org>; Wed, 13 Sep 2006 16:06:41 +0000 (UTC) Delivered-To: nextgens35@laposte.net Received: from smtp.laposte.net (10.150.9.38) by mx.laposte.net (7.2.060.1) id 44F4DD6E0070AF93 for mailbidon@laposte.net; Wed, 13 Sep 2006 18:06:04 +0200 Received: from lists.grok.org.uk (195.184.125.51) by smtp.laposte.net (7.3.105.2) id 000000000094E153 for mailbidon@laposte.net; Wed, 13 Sep 2006 18:10:35 +0200 Received: from lists.grok.org.uk (localhost [127.0.0.1]) by lists.grok.org.uk (Postfix) with ESMTP id 90BC1405; Wed, 13 Sep 2006 17:05:48 +0100 (BST) X-Original-To: full-disclosure@lists.grok.org.uk Delivered-To: full-disclosure@lists.grok.org.uk Received-SPF: pass (lists.grok.org.uk: domain of david.kierznowski@gmail.com designates 66.249.92.168 as permitted sender) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168]) by lists.grok.org.uk (Postfix) with ESMTP id 7E5F16B0 for <full-disclosure@lists.grok.org.uk>; Wed, 13 Sep 2006 15:08:47 +0100 (BST) Received: by ug-out-1314.google.com with SMTP id m2so2098959uge for <full-disclosure@lists.grok.org.uk>; Wed, 13 Sep 2006 07:08:47 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=bxqtAqtpM2eTpkfdd6ge5KU9FiSfQ8c+zl6NQfaggI2as0k+VyOKdFGSI0YptLCZ15BPTp5QLaPKz2PRVPog2k+7OGIAVC57umk8+TDTO3UC1oDksLqQrxu6JGTjyqAVObRf2GxvYfszaM+FkbIyIRdRRoWPU9/RqDXO+EDWua0= Received: by 10.67.119.5 with SMTP id w5mr4089392ugm; Wed, 13 Sep 2006 06:53:58 -0700 (PDT) Received: by 10.66.233.17 with HTTP; Wed, 13 Sep 2006 06:53:58 -0700 (PDT) Message-ID: <f4cd4c010609130653p6672b2b5j89c9a65267784b8a@mail.gmail.com> Date: Wed, 13 Sep 2006 14:53:58 +0100 From: "David Kierznowski" <david.kierznowski@gmail.com> To: full-disclosure@lists.grok.org.uk, security-basics@securityfocus.com MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mailman-Approved-At: Wed, 13 Sep 2006 17:05:42 +0100 Cc: Subject: [Full-disclosure] Backdooring PDF Files X-BeenThere: full-disclosure@lists.grok.org.uk X-Mailman-Version: 2.1.5 Precedence: list List-Id: An unmoderated mailing list for the discussion of security issues <full-disclosure.lists.grok.org.uk> List-Unsubscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.grok.org.uk?subject=unsubscribe> List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure> List-Post: <mailto:full-disclosure@lists.grok.org.uk> List-Help: <mailto:full-disclosure-request@lists.grok.org.uk?subject=help> List-Subscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.grok.org.uk?subject=subscribe> Sender: full-disclosure-bounces@lists.grok.org.uk Errors-To: full-disclosure-bounces@lists.grok.org.uk X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on emu.dh.bytemark.co.uk X-Spam-Level: X-Spam-Status: No, score=-6.2 required=5.0 tests=AWL,BAYES_00,RCVD_BY_IP autolearn=ham version=3.0.3 X-Dropzone: ML X-Dropzone-Flag: Security Recently, there has been alot of hype involving backdooring various web technologies. pdp (arcitect) has done alot of work centered around this area. I saw Jeremiah Grossman mention PDF's being "BAD", however, I was unable to easily locate any practical reasons as to why. I decided to investigate this a little further. This article discusses two possible backdoor techniques for Adobe Acrabat Reader and Professional. It includes proof of concept code and backdoored PDF documents. The article can be found here: http://michaeldaw.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ]