About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Insecure Features in PDFs - 375

On Web-Security and -Insecurity Posted 5 Years Ago
  • PDFs are all over the internet, created without much effort and parsed everywhere. Does this have any security issues?
  • The first classification of attacks is denial of service (DoS). Within PDFs set of supported languages (JavaScript, etc.) infinite loops can be created. Additionally, this a classic compression expansion technique (like a zip bomb) can be done with the deflate command.
  • Using built in features of PDFs, data may be stolen. First, forms being filled out (by the user) can send the data off silently, exfiltrating the data. Calling home also leaks the IP address of the user, which is a privacy issue.
  • The others are very theoretical and are specific to implementation, such as parsing issues with files. I did not find this part of the article very useful.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed