Security Basics mailing list archives
RE: Manipulate PDFs with Malware
From: "Simon Thornton" <simon () thornton info>
Date: Wed, 23 Jan 2013 08:20:58 +0100
Hi Andre, Could someone manipulate the barcode - depends on the scenario and the potential impact. Scenario: MiTM attack Vector: via phishing or similar they can put themselves between victim and attacker and simply modify the PDF stream Defense: Use SSL on the website (not a complete solution) Scenario: PDF is modified in transit Defense: digitally sign the PDF As a further defense I would use two-factor authentication and transaction verification through SMS or a token. The transaction verification means that you receive a confirmation of the transaction via SMS which contains a one-time auth code you have to enter on the site. The GSM number (some of the user info) plus the auth code could then be encoded in the signed PDF. There are other factors as well that need to be taken into account ; a risk assessment would be advised. Simon -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andre Silaghi Sent: Sunday, January 20, 2013 06:59 AM To: security-basics () securityfocus com Subject: Manipulate PDFs with Malware Hello everybody, Let me just explain to you a scenario before I ask my question about it. You are starting to download a PDF file including a barcode which is used to identify some payment information like the ammount of money you have to pay and the receiver, maybe identified by another sequence which is included. Would it be possible to manipulate this barcode easily before or during the opening process of the PDF in order to change the payment information in a way that the attacker's information is encoded there? Have you any experience with malware like this? Best regards, André ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Manipulate PDFs with Malware Andre Silaghi (Jan 20)
- Re: Manipulate PDFs with Malware Nick Clark (Jan 20)
- Re: Manipulate PDFs with Malware Adam Pal (Jan 21)
- AW: Manipulate PDFs with Malware Günther , Sebastian (Jan 21)
- RE: Manipulate PDFs with Malware David Gillett (Jan 22)
- Re: Manipulate PDFs with Malware Adam Pal (Jan 21)
- RE: Manipulate PDFs with Malware Simon Thornton (Jan 23)
- AW: Manipulate PDFs with Malware Booth, Daryl (Jan 23)
- Re: Manipulate PDFs with Malware Andre Silaghi (Jan 29)
- Re: Manipulate PDFs with Malware Nick Clark (Jan 20)