New 'Shadow Attack' can replace content in digitally signed PDF files

Ringel05

Okay, this one has some potentially VERY serious ramifications.

The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research [PDF] published this week by academics from the Ruhr-University Bochum in Germany.
A Shadow Attack is when a threat actor prepares a document with different layers and sends it to a victim. The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one.
Because the layer was included in the original document that the victim signed, changing the layer's visibility doesn't break the cryptographic signature and allows the attacker to use the legally-binding document for nefarious actions -- such as replacing the payment recipient or sum in a PDF payment order or altering contract clauses.

New 'Shadow Attack' can replace content in digitally signed PDF files | ZDNet
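A defender-side illustration of the mechanism the quoted article describes (an added example, not code from ZDNet, the researchers or anyone in this thread): a PDF signature covers only the byte spans listed in its /ByteRange entry, so a change made after signing has to be appended outside them. The sketch below flags a signed file that has bytes after the last signed span; the sample document is constructed and the function names are hypothetical.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
NEW_OBJECT = re.compile(rb"\d+\s+\d+\s+obj\b")

def check_signed_pdf(pdf: bytes) -> dict:
    """Heuristic: report bytes lying after the last span any signature covers.

    This does not validate the signature itself; run it alongside a real
    cryptographic verifier, not instead of one.
    """
    size = len(pdf.rstrip(b"\r\n\t "))           # ignore trailing whitespace
    ends = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = map(int, m.groups())
        if a != 0 or c < b:                       # spans must start at 0 and not overlap
            return {"verdict": "review: malformed ByteRange",
                    "unsigned_tail": None, "tail_has_objects": None}
        ends.append(c + d)                        # end offset of the second signed span
    if not ends:
        return {"verdict": "unsigned", "unsigned_tail": None,
                "tail_has_objects": False}
    last = max(ends)                              # with several signatures, the widest one
    tail = max(0, size - last)
    has_objects = bool(NEW_OBJECT.search(pdf[last:]))
    verdict = "ok" if tail == 0 else f"review: {tail} bytes appended after signing"
    return {"verdict": verdict, "unsigned_tail": tail,
            "tail_has_objects": has_objects}

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed sample: minimal PDF-like bytes with a consistent ByteRange."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Contents "
    gap = b"<" + b"00" * 16 + b">"                # signature value, excluded from the spans
    fmt = b" /ByteRange [0 %010d %010d %010d] >>\nendobj\n%%%%EOF\n"
    tail_len = len(fmt % (0, 0, 0))               # fixed-width numbers keep length stable
    tail = fmt % (len(head), len(head) + len(gap), tail_len)
    return head + gap + tail + appended

if __name__ == "__main__":
    update = b"2 0 obj\n<< /Note (added after signing) >>\nendobj\n%%EOF\n"
    print(check_signed_pdf(build_sample()))
    print(check_signed_pdf(build_sample(update)))
```

Appended data is not always hostile (a later signature or timestamp is added the same way), so a "review" result means the appended section needs inspection, not that the file is forged.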
 
Like a dumb ass, I thought PDF and digital signatures were kind of a gold standard of can not be changed unless you originated the file. Glad I don't do much business with contracts any more, since retirement.
 
What about the original .pdf that was signed and which the end user sees? If they download the .pdf, does it ensure it is the original that he signed?

None of this surprises me to be honest. The beauty is also the danger in technology, it is always changing, and the good guys will never be able to keep up with the bad guys. Businesses who offer these services will have to improve their security and reliability, or they will go out of business.
 
I have no idea.
 
My blocks and security settings found a version of nemucod in a file today, embedded in a counter from Wayback Machine; I downloaded an HTML page giving the history of the Lake Shore and Michigan Southern. It changes pdf file extensions and the like, but I haven't found any bad one yet, so it didn't have time or my settings prevented it from doing anything. Probably yet another virus written by demented Linux cultists in The Great Windows Jihad.
 
Is this in association with 'shopping cart' generated PDF receipts?
 
Why do morons keep doing their banking and using their debit and credit cards online these days? A fricking gift card is cheaper, and limits the losses if it gets hacked. Some go for $2.95. Paying $5 for a $500 gift card is 1%.
 
Is this in association with 'shopping cart' generated PDF receipts?
Don't know.
 
