PDF files?

[smstonypoint]

Internet delinquents love PDF files...especially if you open them with adobe reader...

Please elaborate.

Steve

 

[boggen]

Ryan,

Interesting. I didn't know that adding -pdf -pdf would exclude pdf files.


When I Google worldwide vs territorial tax systems I get 276,000 results.
When I Google worldwide vs territorial tax systems -pdf I get 1,070,000 results.
When I Google worldwide vs territorial tax systems -pdf -pdf I get 1,060,000 results.

What the heck is going on?

Steve

-pdf = exlcudes everything with PDF
-.pdf = files ending with extension .pdf ((its the dot))

some pdf files leak through without doing the double -pdf -.pdf statement.

 

[smstonypoint]

-pdf = exlcudes everything with PDF
-.pdf = files ending with extension .pdf ((its the dot))

some pdf files leak through without doing the double -pdf -.pdf statement.

OK. I missed the dot before the second pdf. When I add the dot I get 895,000 hits.

But why do I get more hits when adding -pdf -.pdf than when I omit those terms?

Steve

 

[flyerdan]

I have XP and Firefox and .pdfs open up in a viewer for me. I think it might be a javascript app running it, so if you have js disabled that might be causing it.

 

[/pine]

Please elaborate.
Steve

the below is pasted please excuse the format...you can do further research on the subject...FWIW...

Main client applications

The main application used to open PDF files for display is Adobe Reader. Many alternative applications are also able to display PDF files, such as Preview on MacOSX and Foxit Reader on Windows.

Adobe Acrobat is one of the applications which can create and edit PDF documents.
Main security issues

PDF is usually considered as a static and safe format for document exchange, which is a wrong perception.

The PDF format is in fact very complex, and contains several features which may lead to security issues:

Javascript: Adobe Reader (and possibly other readers) contains a Javascript engine similar to the ones used by web browsers, but with a slightly different API to manipulate PDF content dynamically or to control some viewer features. Potentially dangerous features are restricted for obvious security reasons. However, this means that PDF documents are not purely static, and for example some actions may be used to fool a user (popups) or to send e-mails and HTTP requests automatically. Furthermore, experience shows that many recent vulnerabilities have been exploited using Javascript in PDF.
Launch actions: a PDF file may launch any command on the operating system, after user confirmation (popup message). Different command lines may be specified for Windows, Unix and Mac. On Windows only, parameters can be provided for the command. Until Adobe Reader 9.3.2, the CVE-2010-1240 vulnerability made it possible to fool users by modifying the text of the popup message. Since Adobe Reader 9.3.3, a blacklist restricts file formats that can be opened, blocking executable files by default (but a way to bypass it has been found, and finally fixed in v9.3.4).
Embedded files: a PDF file may contain attached files, which can be extracted and opened from the reader. This trick may be used to hide malicious executables in order to bypass some antivirus and content analysis engines. Fortunately, Adobe Reader refuses to open embedded files if their extension is part of a blacklist, such as EXE, BAT, CMD, etc. However, this blacklist is not perfect and formats such as HTML or Python scripts may be embedded in PDF and launched from Adobe Reader.
GoToE actions: a PDF file may be embedded inside another PDF file, and a GoToE action may be used so that Adobe Reader opens the embedded PDF file automatically without notifying the user. This feature may be used to hide a malicious PDF file within a normal PDF file, to fool many antivirus engines.
Embedded Flash applications: a PDF file may contain Flash applications (stored as embedded SWF files), which bring their own security issues, such as ActionScript content and Adobe Flash Player vulnerabilities. Adobe Reader contains its own Flash Player, independent from the one installed in web browsers. For example the CVE-2010-1297 vulnerability was first patched in the Flash Player on the 10 June 2010, whereas the Flash Player shipped with Adobe Reader was only patched on the 29 June 2010.
Encryption: a PDF file may be encrypted with a password. However, if an empty password is used, Adobe Reader will open it directly without asking the user. This trick may be used to fool many antivirus and analysis engines that do not support decryption.
Parser "flexibility": PDF specifications, Adobe Reader and possibly other applications are very flexible about the structure of PDF files. For example, most people think that PDF files have to start with the "%PDF" magic number, whereas the specifications only say this header has to be in the first 1024 bytes. It is therefore possible to insert around 1000 random bytes at the beginning of a PDF file. This trick may be used to bypass too strict antivirus or content analysis engines, because a fake file header (for example JPEG or HTML) can be inserted. Another example is that the catalog at the end of the PDF structure may not point exactly to each object: Adobe Reader is able to reconstruct malformed files even if some content has been inserted within or between PDF objects.

 

[KiotiKowboy]

.pdf files are universally usable - as the reader, or many variants thereof are free. .pdf belongs to Adobe and their free downloadable reader is Adobe Acrobat Reader. If you download and install this reader, it will automatically install itself to your IE or Firefox browsers. Trust me ... you should install this.

Resistance is futile. You will be assimilated.

 

[k0ua]

I always thought the reason for the proliferation of the Adobe reader Borg collective was that the ubiquitous .pdf file works cross platform, Windows, Mac, Apple Iphone, and Android, and maybe others for all I know. So you have something that works on about everything.

 

[smstonypoint]

.pdf files are universally usable - as the reader, or many variants thereof are free. .pdf belongs to Adobe and their free downloadable reader is Adobe Acrobat Reader. If you download and install this reader, it will automatically install itself to your IE or Firefox browsers. Trust me ... you should install this.

Resistance is futile. You will be assimilated.

I am well acquainted with pdf files and I used Adobe Acrobat back in the day when I made my class notes available to my students on my university's network. Please see post #1.

Steve

 

[k0ua]

.pdf files are universally usable - as the reader, or many variants thereof are free. .pdf belongs to Adobe and their free downloadable reader is Adobe Acrobat Reader. If you download and install this reader, it will automatically install itself to your IE or Firefox browsers. Trust me ... you should install this.

Resistance is futile. You will be assimilated.

Hey "7 of 9" was a hottie..:laughing:

 

[boggen]

OK. I missed the dot before the second pdf. When I add the dot I get 895,000 hits.

But why do I get more hits when adding -pdf -.pdf than when I omit those terms?

Steve

ask google its there search engine!