I skim-read, and was just about to download the Transparency Report Regarding Use of National Security Authorities from a web page run by the Office of the Director of National Intelligence, when I remembered spotting this:
[McAfeee] attributed the trend to Adobe’s greater popularity in mobile devices and non-Microsoft environments, coupled with the ongoing widespread use of PDF document files to convey malware.
Remember? Beware the ubiquitous PDF? Really?
Now I’m not paranoid … am I?
– P
Nope you aren’t paranoid. That has been a problem for more than a decade. This article is from 2001.
http://news.cnet.com/New+virus+travels+in+PDF+files/2100-1001_3-271267.html
PDF’s are a pretty good transport mechanism because they also have capabilities to carry content. They can also allow automatic linking to http and local execution of javascript or other scripting languages.
However it is the reader that does all of these things. I use Okular on linux rather than Acroread because as this comment points out..
Yes, not that I consider myself in any way a ‘target’* for state surveillance, but this post Why Small Businesses Are Lucrative Targets for Cyber Criminals and How to Protect Yours makes the point that there are plenty of other reasons for keeping up with security vigilance.
As for Acrobat Reader, sure, a tool that has greater capability for ‘usefulness’ has sometimes equally greater capacity to be misused. I remember disabling the macros in Microsoft Office when it was shown running a (Word, Excel) document could engage actions behind the scenes.
One of the useful documents I downloaded from the NSA website a few years back — when they were the good guys ….well, not really, but you know — was a (gasp) PDF: ‘Hardening tips for Mac OSX’ http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
It was after reading this I followed the NSA’s advice (“Don’t Surf or Read Mail Using Admin Account”) and changed my primary user account to one that doesn’t have admin privileges.
But, given Edward Snowden’s horrified reaction to Ewan Macaskill’s iPhone …
http://www.thepaepae.com/what-is-your-phone-and-your-internet-connection-blabbing-about-you/34783/
… I wonder.
* http://www.thepaepae.com/snowden-on-intelligence-agencies-owning-your-smartphone/34743/
Do you know how safe Apple’s Preview application is?
I don’t … but would be interested in a reply from someone knowledgable.
Given the events of several years now … i would think it would be most unwise to download anything (or even access without some sort of extreme level of IT protection … if such a thing is possible) from any nations National Security Service Website – but particularly linked with the yanks …i have no inside knowledge or expertise to offer … just it seems to be a commonsense approach?
Personally i suspect you are screwed whichever way you go these days unless you drop off the grid and live in a deserted part of Westland.
“screwed whichever way you go…”
Yes, I tend to agree, given the ‘sniff it all, collect it all, analyse it all” NSA/Five Eyes philosophy exposed via Edward Snowden’s revelations.
Not that I have personally got any reason to suspect I am a ‘person of interest’ … you know, any more than anyone else who felt discomforted by the extension of the GCSB’ surveillance powers & TICS Act and how they were passed into law.
– P