Re: View PDFs in Google Docs

I always giggle a little bit when people say "the cloud"

Re: View PDFs in Google Docs

...and so it begins...

http://www.infosecurity-us.com/view/...-design-flaw-/

Hope you got all your patches installed.

One more oddity that I think might be related to this, I got an email today from someone that I know on another forum, but not someone that I communicate in any kind of regular basis. It was a link to a file on Google Doc's, but with no description of what it was. I of course did not click on the link, but I suspect that this person's gmail account has been compromised and it sending out nastiness.

Re: View PDFs in Google Docs

I think their main problem is that they just didn't view themselves as a target. Too many times companies like that think that all the attention is going to be paid to the OS and not to applications, and for the longest time they were correct. All the attention was paid to Windows and to a lesser extent MS Office, but now the criminals started thinking outside the box and started attacking applications instead. At this point, they need to play catchup to the criminals and take a more proactive stance on finding these things.

Hopefully many other companies of popular software will take heed and start auditing their own software.

Re: View PDFs in Google Docs

Security aside, PDF is literally a critical technology in media. The true value of a PDF goes far, far beyond anything consumers are doing with them on a day to day basis, like filling out forms and reading manuals.

A key example is the commercial printing business. PDFs are used in commercial printing of all kinds and enable artists, agencies, printers, and everyone in-between to work on content in a universal format that provides solutions for the incredible amount of nuance and variance in all of the systems, equipment, and components involved in producing their content.

Comparing a JPG to a PDF as far as potential functionality is like comparing a remote control airplane to the space shuttle.

To quote Chris Onstad, most PDF software has holes big enough to drive a school bus through, honking and dragging a bunch of rusty bikes. That's gotta change. But it's certainly not worthless. Nobody inside a commercial printing business is thinking about PDF security. They're thinking about making their five million dollar printer run all day and generate revenue.

Agreed that Adobe has done a piss-poor, Microsoft-in-the-90s-quality job of securing their software. Really, pathetically embarrassing job of it. We've taken them to the cleaners enough times that they're being more proactive, but seriously if they haven't already, they need to put an independent auditing team on that project and leave them there. They've clearly failed entirely at doing it on their own.

Re: View PDFs in Google Docs

PDFs are one of those things you'll have to learn to love to hate.

Streaker described the 'problem' with PDFs, the industry has a love affair with PDFs, and it is too far ingrained into the way of doing business that cannot be stopped. The 'not using Windows' phrase fits perfectly because it's there, it's not going away and no, you really don't have a choice.

There was another post back when the big javascript exploit was coming into the public eye, and I had found a GPO which lets you chance the js settings that way. The controls exist to change things, but I'm not sure they are very well publicized. (a quick googling for 'adobe acrobat gpo' doesn't get much right away, I didn't search much, it is almost 5am so forgive me) I think that is definitely part of the problem.

Re: View PDFs in Google Docs

While it's stating the obvious, the amount of people trying to find exploits is directly proportional to the popularity of an application. PDFs have issues, no question, but they are popular because the fulfill a number of niches for people. If there was a different application filling those same niches and was as popular, then exploits -or at least attempts to find exploits- would continue with that different application.

Re: View PDFs in Google Docs

I have an application at the office that currently contains over 1000 PDF's and selectable text is incredibly important to the function of that application. They're also nice for user filled forms, several state governments are using them for such things as filling out business tax forms and the DMV. I don't think that kind of thing is as possible in those other formats. As you can create a perfect form that can be filled in on the fly and printed perfectly. We use them all the time to distribute construction drawings that scale properly without pixellation to those people that don't have Autocad since Acrobat has become so ubiquitous.

There is of course problems with the product, but to say that they shouldn't be used is just silly and short sighted. What's next, we shouldn't be using Windows either?

Currently the best method to protect against the Launch() exploit is to disable the launch function on each client. This can be done quite easily through a Registry edit. I wrote a little script to deploy it to all my machines. I'm sure they'll be something else that will come out soon, and we'll start the whole thing over again.

It's just a fact that no matter what application you have installed, someone is going to try to find an exploit for it, and developers can have a tough time finding a fix for them that works 100% of the time on the first try.

Re: View PDFs in Google Docs

JPEG? SVG? TeX? How often do we need selectable text? I know many people disagree with me, I know how popular they are, I've even wrote software that creates them, but I simply can't get it into my mind that they should even be around.

The patch has been announced last week, but the exploit has been knowledge to those in black-hat groups for quite some time. If anything the repeated failed patches (and the fact the exploit was well out in the wild before the patch) show we can't trust the patches and we need anti-malware systems that are more advanced than simply looking for a signature, when we know that malware can be re-packed on demand individually with a new signature identity for every single download. If we don't have a system capable of sandboxing everything, we need solid design with no paths to change the system, which google docs is wonderful for (with the exception of top secret information).

Re: View PDFs in Google Docs

PDF's by no means are worthless. Many business rely upon them heavily as a standardized format that is easily moved from one platform to another. I cannot think of any other file format that has proven to be as flexible as PDF has been.

The main problem is of course, that things are vulnerable to attack, as long as a company is responsive to those issues and patches as needed, I really don't see a problem with it. I'll be really happy when they release a patch that resolves the Launch() exploit that was just reported last week.

Adobe is currently in the same boat as many other big companies are, playing catch up as exploits are released.

Re: View PDFs in Google Docs

I've never much appreciated the PDF; I think it's worthless. Thanks for helping spread the news, Adobe should be embarrassed for releasing 4 consecutive patches each of which are still vulnerable to the same exploits.

Also, another step closer to the cloud.