Hacker Discovers Adobe PDF Back Doors

Following a Digg post, we can read on eWeek, in Ryan Naraine's reporting, that a hacker named David Kierznowski, by occupation a "penetration testing expert" (ah, what a nice life goal, cf. Inetpub Certified Drink Master Professionals),

released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

The hacker claims he has not yet come across a concrete implementation of the technique he developed. His published demos, which can be opened in a fully patched Acrobat Reader:

describe a fairly dangerous situation. The affected company is, of course, trying to downplay the matter.

Kierznowski said his interest in auditing PDF files for back doors comes from a fascination with the concept of "passive hacking."

"Active exploitation techniques such as buffer overflows are becoming more and more difficult to find and exploit … The future of exploitation lies in Web technologies," he said, noting that internal users are often in a "relationship of trust" with the surrounding network.

Confirming a trend that sees Microsoft Office applications—Word, Excel, PowerPoint—used in zero-day attacks, Kierznowski sees a future of client-side hacking that expands the functionality of a service.

"This form of hacking merely manipulates the user's client to perform a certain function, effectively using the user's circle of trust," he said.
