Security Basics
Manipulate PDFs with Malware Jan 20 2013 05:59AM
Andre Silaghi (andre silaghi googlemail com) (3 replies)
AW: Manipulate PDFs with Malware Jan 23 2013 10:32AM
Booth, Daryl (Daryl Booth mobil-isc de) (1 replies)
Re: Manipulate PDFs with Malware Jan 29 2013 07:58AM
Andre Silaghi (andre silaghi googlemail com)
RE: Manipulate PDFs with Malware Jan 23 2013 07:20AM
Simon Thornton (simon thornton info)
Hi Andre,

Could someone manipulate the barcode - depends on the scenario and the
potential impact.

Scenario: MiTM attack
Vector: via phishing or similar they can put themselves between victim and
attacker and simply modify the PDF stream
Defense: Use SSL on the website (not a complete solution)

Scenario: PDF is modified in transit
Defense: digitally sign the PDF

As a further defense I would use two-factor authentication and transaction
verification through SMS or a token. The transaction verification means that
you receive a confirmation of the transaction via SMS which contains a
one-time auth code you have to enter on the site. The GSM number (some of
the user info) plus the auth code could then be encoded in the signed PDF.

There are other factors as well that need to be taken into account ; a risk
assessment would be advised.

Simon

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Andre Silaghi
Sent: Sunday, January 20, 2013 06:59 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Manipulate PDFs with Malware

Hello everybody,

Let me just explain to you a scenario before I ask my question about it. You
are starting to download a PDF file including a barcode which is used to
identify some payment information like the ammount of money you have to pay
and the receiver, maybe identified by another sequence which is included.

Would it be possible to manipulate this barcode easily before or during the
opening process of the PDF in order to change the payment information in a
way that the attacker's information is encoded there?

Have you any experience with malware like this?

Best regards,
André

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate. We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Manipulate PDFs with Malware Jan 21 2013 06:55AM
Nick Clark (nick clark-clan com) (2 replies)
RE: Manipulate PDFs with Malware Jan 22 2013 05:42PM
David Gillett (gillettdavid fhda edu)
Re: Manipulate PDFs with Malware Jan 21 2013 09:31AM
Adam Pal (carpathin wolf gmx net) (1 replies)
AW: Manipulate PDFs with Malware Jan 21 2013 06:06PM
Günther, Sebastian (guenther sebastian googlemail com)


 

Privacy Statement
Copyright 2010, SecurityFocus