Securethoughts.com reports that millions of PDFs created from within Internet Explorer have privacy issues. The so called issue is that IF you load a local html file in IE and IF you then print that file to PDF, IE will give the document the file path as title. IF you then publish this PDF document, evil does will be able to obtain information from the path info.
So what can this information be used for?? According to the post, attackers could use it to obtain information about what operating system you are running and then use that information for malicious attacks.
PDF is not the perfect format and it has had flaws before but only the very neurotic needs to be concerned about this issue as the information given away should be easily available by:
1) Guessing: Anybody printing a HTML page to pdf and publishing it is very likely to be Windows user
2) Looking at the application (or producer) meta data in the PDF file that very often will tell you what program and what OS was used to produce the file
Long story short, unless you are printing PDF files stored at C:\Documents and Settings\Larry\Desktop\reports for my stupid and ignorant boss\Report1.html you need not worry. If you have security concerns in general, youre probably not using, PDF, Windows or IE.
No wolf here, large puddle at the most.
Tuesday, November 24, 2009
Subscribe to:
Posts (Atom)