Security Basics
Manipulate PDFs with Malware Jan 20 2013 05:59AM
Andre Silaghi (andre silaghi googlemail com) (3 replies)
AW: Manipulate PDFs with Malware Jan 23 2013 10:32AM
Booth, Daryl (Daryl Booth mobil-isc de) (1 replies)
Re: Manipulate PDFs with Malware Jan 29 2013 07:58AM
Andre Silaghi (andre silaghi googlemail com)
Thank you all for your replies here. I'm not the owner of this system
and I'm just thinking about how secure it could be without knowing
more technical details. It is a kind of online payment system which
allows you to pay by cash.

You purchase something and if you choose "their" payment method you
will get some PDF containing a bar code. This code can be scanned at
many business partners of the payment vendor and you pay by cash
personally. The payment is recognized and transmitted to the vendors
database. So you are done.

All I want to know is if there is any possiblity to intercept this PDF
and change the barcode in a way that the money will be given to the
attacker. Therefore my question whether it is easy or hard to change
the barcode in order to transfer the money to the attacker.

But again thanks a lot for your response. I will go deeper into it if
I can find enough time for that :-)

Kind regards,
André

2013/1/23 Booth, Daryl <Daryl.Booth (at) mobil-isc (dot) de [email concealed]>:
> Hi,
>
> in the opening process it would be a pain because of possible detection being high. Playing man in the middle scenarios would be a very easy way though.
>
> Best Regards
>
>
> Daryl Booth
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Im Auftrag von Andre Silaghi
> Gesendet: Sonntag, 20. Januar 2013 06:59
> An: security-basics (at) securityfocus (dot) com [email concealed]
> Betreff: Manipulate PDFs with Malware
>
> Hello everybody,
>
> Let me just explain to you a scenario before I ask my question about it. You are starting to download a PDF file including a barcode which is used to identify some payment information like the ammount of money you have to pay and the receiver, maybe identified by another sequence which is included.
>
> Would it be possible to manipulate this barcode easily before or during the opening process of the PDF in order to change the payment information in a way that the attacker's information is encoded there?
>
> Have you any experience with malware like this?
>
> Best regards,
> André
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------

>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
RE: Manipulate PDFs with Malware Jan 23 2013 07:20AM
Simon Thornton (simon thornton info)
Re: Manipulate PDFs with Malware Jan 21 2013 06:55AM
Nick Clark (nick clark-clan com) (2 replies)
RE: Manipulate PDFs with Malware Jan 22 2013 05:42PM
David Gillett (gillettdavid fhda edu)
Re: Manipulate PDFs with Malware Jan 21 2013 09:31AM
Adam Pal (carpathin wolf gmx net) (1 replies)
AW: Manipulate PDFs with Malware Jan 21 2013 06:06PM
Günther, Sebastian (guenther sebastian googlemail com)


 

Privacy Statement
Copyright 2010, SecurityFocus