Monday, February 8, 2016

PDF files installing malware

So I finally got around to watching a Nova episode about 'cyberwarfare' that I had recorded on the DVR from last year, and one of the bits they talked about offended me from an IT point of view:

They demonstrated a hack where a user opened a pdf file that was emailed to him, and then malware got installed on his machine by doing so. Now, I kept looking for some explanation, since I thought to myself: Adobe Acrobat, reading some pdf file, can't just install programs on your computer. Windows wouldn't allow it; it would bring up an installation box.

So, I checked online, thinking maybe the user didn't notice the file was sample.pdf.exe or something like it. Nope: it was a pdf file, Acrobat or Reader was coming up to read it, and then code in the pdf was actually going out, uploading malware to the machine, and then it was getting installed.

Which to my mind is simply insane. That a simple text viewing program would have the authority to install anything is mind-blowing to me. At first I thought "well, Acrobat must suck, should install another". But then I got to thinking: what kind of OS allows text reading programs to install programs without the OS intervening?

Thoughts? Who's at fault here? Uncle Bill's progeny or Adobe? (Followup: is this exploit possible in Macland?)


via International Skeptics Forum http://ift.tt/1K8fcFL
