Hacker Finds Multiple PDF Backdoors

Gungadin writes "Eweek.com has a story about a British security researcher figuring out a way to manipulate legitimate features in Adobe PDF files to open backdoors for computer attacks. David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and two sample PDF files to demonstrate how the Adobe Reader program can be rigged to launch Web-based attacks without any user action. He claims there are least seven different ways to backdoor a PDF."

Re:Does anyone else think this is good news?

[Waffle+Iron]

PDF is incredibly useful...to people other than yourself. The bloat that annoys you so much guarantees layout and color fidelity to people who care about those things.

So it's incredibly useful to the people who work at a printing company. For the 99% of the rest of us, it's not very useful at all. Of all the text PDF documents that I've been subjected to downloading, I can't think of a single one wouldn't have rendered better on my screen and been more convenient to navigate as an HTML page. Some could argue that PDF is good for graphics like large maps, but the ones I've used have been so bloated and slow that I'm sure a plain old 4000x3000 pixel .PNG would have been quicker, easier and more compact.

I really don't care what the original looked like in the author's word processor. I rarely print things out anymore, and with 1600x1200 LCD monitors available for around $300, there's going to be less and less need for anyone to print hard copies as time goes by. The whole PDF concept is a vestige of dead tree technology, and it should be relegated those those people who work mainly with physical paper. It doesn't really have business being used as a document format on any general-purpose web server.