Re: [suse-security] Acrobat Reader upgrade to 7.0
From: Mathias Homann (admin eregion.de)
Date: Sun Jul 24 2005 - 07:58:18 CDT
On Sunday, 24 July 2005 14:02, Rasp, Robert wrote:
> ...or you use squidGuard to block "remoteapproach.com"
... which doesn't necessarily solve the problem, because the URL is
not hardcoded into acrobat reader, but into the pdf files. so anyone
could create a pdf that uses http to download a file from any host
anywhere, then (try to) run it... imagine the possibilities...
and suse forces acroread7 down users' throats as a security update?
anyways, disabling javascript is not a viable solution unless you
don't mind that acroread asks you to enable it every time you quit
acroread...
here's what I did:
I noticed that the new acroread7 packages that came thru YOU lately
have libcurl as a dependency, so I checked which plugins (in
/usr/X11R6/lib/Acrobat7/Reader/intellinux/plug_ins) are linked against
libcurl. there's only one: EFS.api. so I renamed that one (do not
delete, you MIGHT want to be able to re-enable it later if you run
into trouble...). on next start, acroread alerts you about trouble
registering two more plugins: Annots.api and SOAP.api. so I also
renamed those, to get rid of the error message boxes. Didn't run into
any problems due to that (yet).
YMMV. DTAYOR.
bye,
MH
>
> CU
> Robert
>
> -----Original Message-----
> From: Dr. Reiner Pietrzak [mailto:suse crasswerk.de]
> Sent: Saturday, 23 July 2005 21:25
> To: suse-security suse.com
> Subject: Re: [suse-security] Acrobat Reader upgrade to 7.0
>
> Thank you very much for this hint!
>
> On Saturday, 23.07.2005, 17:51 +0100, suse karsites.net wrote:
> > Acrobat Reader likes to phone home apparently - LOL!
> >
> > Maybe these people are using AJAX technology also?
> >
> > full article at: http://lwn.net/Articles/129729/
> >
> > Linux users may have been pleased to find that Adobe has finally
> > made available a new version of its Acrobat Reader, with
> > accessibility features, a much slicker interface than Acrobat 5.x
> > and new and other spiffy features. However, there are a few other
> > features that Linux users should be aware of.
> >
> > A company called Remote Approach is promising to alert PDF
> > publishers as to the "reach and use of their materials." We were
> > curious to find out how Remote Approach was going to make good on
> > its promise, given that PDF has largely been seen as a one-way
> > medium. To find out, we created a test account and uploaded a PDF
> > to be "tagged" by Remote Approach, and then downloaded the
> > modified document to see whether Remote Approach could log our
> > use of the document.
> >
> > Remote Approach's reporting did not work when we viewed the
> > document with Kpdf, Xpdf and Adobe Reader 5.0.10. It also failed
> > using Apple's "Preview" application on Mac OS X. The document was
> > still viewable with no apparent glitch in other PDF readers, but
> > the reporting function did not work.
> >
> > However, when we opened the file using Adobe Acrobat Reader 7,
> > Remote Approach started logging views from our IP address. After
> > doing a little research, we found that Adobe's Reader was
> > connecting to
> > http://www.remoteapproach.com/remoteapproach/logging.asp each
> > time we opened the document. The information is submitted over
> > port 80 using HTTP, so it is unlikely that a home or office
> > firewall would, in a normal configuration, block the activity,
> > unless the firewall administrator is attempting to block Web
> > browsing.
> >
> >
> > Apparently, Remote Approach's "tag" to our document included the
> > addition of JavaScript code causing Acrobat to report back to
> > their server; the information reported includes the fact that the
> > document had been read, our IP address, and which viewer it had
> > been read in. (Interestingly, Remote Approach does not seem to
> > recognize the Linux version of Acrobat Reader, as it left the
> > "User Agent" field blank in its reports.)
>
> What about simply disabling javascript?
>
> Regards - Reiner Pietrzak
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help suse.com
> Security-related bug reports go to security suse.de, not here
--
Sending unsolicited advertising e-mail to private individuals violates
§1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, ref.:
16 O 201/98). Any commercial use of the transmitted personal data, as
well as passing it on to third parties, is expressly prohibited!
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
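
The check described in the message above (which plug-ins are linked against libcurl, then rename rather than delete), as an added example that is not part of the original post. It assumes the `.api` plug-ins are ELF shared objects and that `readelf` from binutils is installed; the function names, the script name `audit.sh` and the `.disabled` suffix are hypothetical. It sees only direct (DT_NEEDED) linkage, so a plug-in that loads a library at run time would not be listed.

```shell
#!/bin/sh
# Added example: audit a plug-in directory for direct libcurl linkage.
# readelf only parses the file; unlike ldd it never runs the loader on it.

# list_needed FILE -> one DT_NEEDED library name per line
list_needed() {
    readelf -d "$1" 2>/dev/null |
        sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# plugins_needing DIR LIB -> paths of *.api files that list LIB*.so as NEEDED
plugins_needing() {
    pn_dir=$1
    pn_lib=$2
    for pn_file in "$pn_dir"/*.api; do
        [ -f "$pn_file" ] || continue
        if list_needed "$pn_file" | grep -q "^${pn_lib}.*\.so"; then
            printf '%s\n' "$pn_file"
        fi
    done
}

# disable_plugin FILE -> rename (never delete) so it can be restored later
disable_plugin() {
    if [ -e "$1.disabled" ]; then
        return 1    # refuse to overwrite an earlier backup
    fi
    mv -- "$1" "$1.disabled"
}

# Report only; renaming stays a deliberate, separate step.
# Usage (audit.sh is a hypothetical file name):
#   sh audit.sh /usr/X11R6/lib/Acrobat7/Reader/intellinux/plug_ins
if [ "$#" -ge 1 ]; then
    plugins_needing "$1" "${2:-libcurl}"
fi
```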