Shadow Attacks: Hiding and Replacing Content in Signed Pdfs
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Vulnerability Report Attacks Bypassing Confidentiality in Encrypted PDF
Vulnerability Report Attacks bypassing confidentiality in encrypted PDF Jens M¨uller1, Fabian Ising2, Vladislav Mladenov1, Christian Mainka1, Sebastian Schinzel2, J¨orgSchwenk1 May 16, 2019 1Chair for Network and Data Security 2FH M¨unsterUniversity of Applied Sciences Abstract In this report, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. Firstly, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Secondly, we abuse a flaw in the PDF encryption specification allowing an attacker to arbitrarily manipulate encrypted content without knowing the cor- responding key/password. The only requirement is one single block of known plaintext, which we show is fulfilled by design. By using exfiltration channels our attacks allow the recovery of the entire plaintext or parts of it within an encrypted document. The attacks rely only on standard compliant PDF features. We evaluated our attacks on 27 widely used PDF viewers and found all of them vulnerable. 1 Contents 1 Background4 1.1 Portable Document Format (PDF) . .4 1.2 PDF Encryption . .6 1.3 PDF Interactive Features . .7 2 Attacker Model8 3 PDF Encryption: Security Analysis9 3.1 Partial Encryption . .9 3.2 CBC Malleability . 10 3.3 PDF Interactive Features . 12 4 How To Break PDF Encryption 14 4.1 Direct Exfiltration (Attack A) . 14 4.1.1 Requirements . 15 4.1.2 Direct Exfiltration through PDF Forms (A1) . 15 4.1.3 Direct Exfiltration via Hyperlinks (A2) . -
LS-09EN. OS Permissions. SUID/SGID/Sticky. Extended Attributes
Operating Systems LS-09. OS Permissions. SUID/SGID/Sticky. Extended Attributes. Operating System Concepts 1.1 ys©2019 Linux/UNIX Security Basics Agenda ! UID ! GID ! Superuser ! File Permissions ! Umask ! RUID/EUID, RGID/EGID ! SUID, SGID, Sticky bits ! File Extended Attributes ! Mount/umount ! Windows Permissions ! File Systems Restriction Operating System Concepts 1.2 ys©2019 Domain Implementation in Linux/UNIX ! Two types domain (subjects) groups ! User Domains = User ID (UID>0) or User Group ID (GID>0) ! Superuser Domains = Root ID (UID=0) or Root Group ID (root can do everything, GID=0) ! Domain switch accomplished via file system. ! Each file has associated with it a domain bit (SetUID bit = SUID bit). ! When file is executed and SUID=on, then Effective UID is set to Owner of the file being executed. When execution completes Efective UID is reset to Real UID. ! Each subject (process) and object (file, socket,etc) has a 16-bit UID. ! Each object also has a 16-bit GID and each subject has one or more GIDs. ! Objects have access control lists that specify read, write, and execute permissions for user, group, and world. Operating System Concepts 1.3 ys©2019 Subjects and Objects Subjects = processes Objects = files (regular, directory, (Effective UID, EGID) devices /dev, ram /proc) RUID (EUID) Owner permissions (UID) RGID-main (EGID) Group Owner permissions (GID) +RGID-list Others RUID, RGID Others ID permissions Operating System Concepts 1.4 ys©2019 The Superuser (root) • Almost every Unix system comes with a special user in the /etc/passwd file with a UID=0. This user is known as the superuser and is normally given the username root. -
Android Euskaraz Windows Euskaraz Android Erderaz Windows Erderaz GNU/LINUX Sistema Eragilea Euskeraz Ubuntu Euskaraz We
Oharra: Android euskaraz Windows euskaraz Android erderaz Windows erderaz GNU/LINUX Sistema Eragilea euskeraz Ubuntu euskaraz Web euskaraz Ubuntu erderaz Web erderaz GNU/LINUX Sistema Eragilea erderaz APLIKAZIOA Bulegotika Adimen-mapak 1 c maps tools 2 free mind 3 mindmeister free 4 mindomo 5 plan 6 xmind Aurkezpenak 7 google slides 8 pow toon 9 prezi 10 sway Bulegotika-aplikazioak 11 andropen office 12 google docs 13 google drawing 14 google forms 15 google sheets 16 libreoffice 17 lyx 18 office online 19 office 2003 LIP 20 office 2007 LIP 21 office 2010 LIP 22 office 2013 LIP 23 office 2016 LIP 24 officesuite 25 wps office 26 writer plus 1/20 Harrobi Plaza, 4 Bilbo 48003 CAD 27 draftsight 28 librecad 29 qcad 30 sweet home 31 timkercad Datu-baseak 32 appserv 33 dbdesigner 34 emma 35 firebird 36 grubba 37 kexi 38 mysql server 39 mysql workbench 40 postgresql 41 tora Diagramak 42 dia 43 smartdraw Galdetegiak 44 kahoot Maketazioa 45 scribus PDF editoreak 46 master pdf editor 47 pdfedit pdf escape 48 xournal PDF irakurgailuak 49 adobe reader 50 evince 51 foxit reader 52 sumatraPDF 2/20 Harrobi Plaza, 4 Bilbo 48003 Hezkuntza Aditzak lantzeko 53 aditzariketak.wordpress 54 aditz laguntzailea 55 aditzak 56 aditzak.com 57 aditzapp 58 adizkitegia 59 deklinabidea 60 euskaljakintza 61 euskera! 62 hitano 63 ikusi eta ikasi 64 ikusi eta ikasi bi! Apunteak partekatu 65 flashcard machine 66 goconqr 67 quizlet 68 rincon del vago Diktaketak 69 dictation Entziklopediak 70 auñamendi eusko entziklopedia 71 elhuyar zth hiztegi entziklopedikoa 72 harluxet 73 lur entziklopedia tematikoa 74 lur hiztegi entziklopedikoa 75 wikipedia Esamoldeak 76 AEK euskara praktikoa 77 esamoldeapp 78 Ikapp-zaharrak berri Estatistikak 79 pspp 80 r 3/20 Harrobi Plaza, 4 Bilbo 48003 Euskara azterketak 81 ega app 82 egabai 83 euskal jakintza 84 euskara ikasiz 1. -
Linux Filesystem Hierarchy Chapter 1
Linux Filesystem Hierarchy Chapter 1. Linux Filesystem Hierarchy 1.1. Foreward When migrating from another operating system such as Microsoft Windows to another; one thing that will profoundly affect the end user greatly will be the differences between the filesystems. What are filesystems? A filesystem is the methods and data structures that an operating system uses to keep track of files on a disk or partition; that is, the way the files are organized on the disk. The word is also used to refer to a partition or disk that is used to store the files or the type of the filesystem. Thus, one might say I have two filesystems meaning one has two partitions on which one stores files, or that one is using the extended filesystem, meaning the type of the filesystem. The difference between a disk or partition and the filesystem it contains is important. A few programs (including, reasonably enough, programs that create filesystems) operate directly on the raw sectors of a disk or partition; if there is an existing file system there it will be destroyed or seriously corrupted. Most programs operate on a filesystem, and therefore won't work on a partition that doesn't contain one (or that contains one of the wrong type). Before a partition or disk can be used as a filesystem, it needs to be initialized, and the bookkeeping data structures need to be written to the disk. This process is called making a filesystem. Most UNIX filesystem types have a similar general structure, although the exact details vary quite a bit. -
Curso Básico Sobre Uso Docente Del Software Libre
Curso básico sobre uso docente del Software Libre 11 de enero de 2018 - 8 de febrero de 2018 Plan FIDO 2018-2020 Autora: María Isabel García Arenas Contacto: [email protected] Presentación del Curso - Maribel García Arenas - José Alonso Arias 2 Contenidos 1. Qué es el software Libre a. Cómo comprobar si lo que usamos es software libre o software gratuito b. Tipos de licencias que nos podemos encontrar c. Por qué es la mejor opción para impartir docencia d. Alternativas, cómo buscarlas y cómo descargarlas e instalarlas 2. Libreoffice Write a fondo a. Tratamiento de estilos dentro de un documento b. Definición de nuevos estilos c. Tratamiento de la bibliografía d. Generación automática de índices, tablas de figuras, etc. 3. Libreoffice Calc a fondo a. Tratamiento de fórmulas b. Tratamiento de plantillas c. Plantillas de corrección de exámenes tipo test 3 Contenidos 4. Derechos de autor a. Qué sí y qué no podemos hacer b. Generación de materiales docentes respetando los derechos de autor c. Búsqueda de imágenes y recursos que sí podemos usar 5. Otros tipos de herramientas a. Imágenes (editores, capturadores b. Gestores de copias de seguridad c. Clientes de correo 4 Planificación 11 18 25 1 8 ene ene ene feb feb Qué es Software Libre Libreoffice Writer Libreoffice Calc Derechos de autor Otras herramientas Maribel José Alonso Maribel Maribel José Alonso Horario de 9:30 a 13:30 5 Día 1: ¿Qué es Software Libre? 6 Índice 1. ¿Qué es el software Libre? 2. Cómo comprobar si lo que usamos es software libre o sólo software gratuito 3. -
(Bachelor, Master, Or Phd) and Which Software Tools to Use How to Write A
2.6.2016 How to write a thesis (Bachelor, Master, or PhD) and which software tools to use SciPlore Home Projects Publications About & Contact How to write a thesis (Bachelor, Master, or PhD) and Home / HOW TOs, sciplore mindmapping / which software tools to use How to write a thesis (Bachelor, Master, or PhD) and which software tools to use Previous Next How to write a thesis (Bachelor, Master, or PhD) and which software tools to use Available translations: Chinese (thanks to Chen Feng) | Portuguese (thanks to Marcelo Cruz dos Santos) | Russian (thanks to Sergey Loy) send us your translation Writing a thesis is a complex task. You need to nd related literature, take notes, draft the thesis, and eventually write the nal document and create the bibliography. Many books explain how to perform a literature survey and how to write scholarly literature in general and a thesis in particular (e.g. [1-9]). However, these books barely, if at all, cover software tools that help in performing these tasks. This is surprising, because great software tools that can facilitate the daily work of students and researchers are available and many of them for free. In this tutorial, we present a new method to reviewing scholarly literature and drafting a thesis using mind mapping software, PDF readers, and reference managers. This tutorial focuses on writing a PhD thesis. However, the presented methods are likewise applicable to planning and writing a bachelor thesis or master thesis. This tutorial is special, because it integrates the management of PDF les, the relevant content in PDFs (bookmarks), and references with mind mapping and word processing software. -
Apple Has Built a Solution Into Every Mac
Overview Mac OS X iPhone iPod + iTunes Resources Vision Mac OS X solutions VoiceOver from third parties. Browse the wide variety of To make it easier for the blind and those with low-vision to use a accessibility solutions supported computer, Apple has built a solution into every Mac. Called VoiceOver, by Mac OS X. Learn more it’s reliable, simple to learn, and enjoyable to use. In Depth Device Support Application Support Downloads VoiceOver Application Support VoiceOver. A unique solution for the vision-impaired. Every new Mac comes with Mac OS X and VoiceOver installed and includes a variety of accessible More than 50 reasons to use applications. You can also purchase additional Apple and third-party applications to use with VoiceOver. VoiceOver. Learn more While this page lists a few of the most popular applications, many more are available. If you use an application with VoiceOver that’s not on this list, and you would like to have it added, send email to [email protected]. Unlike traditional screen readers, VoiceOver is integrated into the operating system, so you can start using new accessible applications right away. You don’t need to buy an update to VoiceOver, install a new copy, or add the application to a “white list.” Moreover, VoiceOver commands work the same way in every application, so once you learn how to use them, you’ll be able to apply what you know to any accessible application. Apple provides developers with a Cocoa framework that contains common, reusable application components (such as menus, text fields, buttons, and sliders), so developers don’t have to re-create these elements each time they write a new application. -
Kde-Guide-De-Developpement.Web.Pdf
KDE Published : 2017-06-26 License : GPLv2+ 1 KDE DU POINT DE VUE D'UN DÉVELOPPEUR 1. AVEZ-VOUS BESOIN DE CE LIVRE ? 2. LA PHILOSOPHIE DE KDE 3. COMMENT OBTENIR DE L'AIDE 2 1. AVEZ-VOUS BESOIN DE CE LIVRE ? Vous devriez lire ce livre si vous voulez développer pour KDE. Nous utilisons le terme développement très largement pour couvrir tout ce qui peut conduire à un changement dans le code source, ce qui inclut : Soumettre une correction de bogue Écrire une nouvelle application optimisée par la technologie KDE Contribuer à un projet existant Ajouter de la fonctionnalité aux bibliothèques de développement de KDE Dans ce livre, nous vous livrerons les bases dont vous avez besoin pour être un développeur productif. Nous décrirons les outils que vous devrez installer, montrer comment lire la documentation (et écrire la vôtre propre, une fois que vous aurez créé la nouvelle fonctionnalité !) et comment obtenir de l'aide par d'autres moyens. Nous vous présenterons la communauté KDE, qui est essentielle pour comprendre KDE parce que nous sommes un projet « open source », libre (gratuit). Les utilisateurs finaux du logiciel n'ont PAS besoin de ce livre ! Cependant, ils pourraient le trouver intéressant pour les aider à comprendre comment les logiciels complexes et riches en fonctionnalités qu'ils utilisent ont vu le jour. 3 2. LA PHILOSOPHIE DE KDE Le succès de KDE repose sur une vue globale, que nous avons trouvée à la fois pratique et motivante. Les éléments de cette philosophie de développement comprennent : L'utilisation des outils disponibles plutôt que de ré-inventer ceux existants : beaucoup des bases dont vous avez besoin pour travailler font déjà partie de KDE, comme les bibliothèques principales ou les « Kparts », et sont tout à fait au point. -
Filesystem Hierarchy Standard
Filesystem Hierarchy Standard LSB Workgroup, The Linux Foundation Filesystem Hierarchy Standard LSB Workgroup, The Linux Foundation Version 3.0 Publication date March 19, 2015 Copyright © 2015 The Linux Foundation Copyright © 1994-2004 Daniel Quinlan Copyright © 2001-2004 Paul 'Rusty' Russell Copyright © 2003-2004 Christopher Yeoh Abstract This standard consists of a set of requirements and guidelines for file and directory placement under UNIX-like operating systems. The guidelines are intended to support interoperability of applications, system administration tools, development tools, and scripts as well as greater uniformity of documentation for these systems. All trademarks and copyrights are owned by their owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Permission is granted to make and distribute verbatim copies of this standard provided the copyright and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this standard under the conditions for verbatim copying, provided also that the title page is labeled as modified including a reference to the original standard, provided that information on retrieving the original standard is included, and provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this standard into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the copyright holder. Dedication This release is dedicated to the memory of Christopher Yeoh, a long-time friend and colleague, and one of the original editors of the FHS. -
Breaking PDF Encryption
Practical Decryption exFiltration: Breaking PDF Encryption Jens Müller Fabian Ising Vladislav Mladenov [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security Christian Mainka Sebastian Schinzel Jörg Schwenk [email protected] [email protected] [email protected] Ruhr University Bochum, Chair for Münster University of Applied Ruhr University Bochum, Chair for Network and Data Security Sciences Network and Data Security ABSTRACT Home/Trusted Environment The Portable Document Format, better known as PDF, is one of the Decrypted Document 1. Victim opens 2. Exfiltrating Tax Declaration decrypted content most widely used document formats worldwide, and in order to en- an encrypted PDF file Scrooge McDuck with their password via the Internet sure information confidentiality, this file format supports document TOP SECRET Victim encryption. In this paper, we analyze PDF encryption and show Attacker two novel techniques for breaking the confidentiality of encrypted Victim’s PC documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within Figure 1: An overview of the attack scenario: The victim attacker-controlled content and therefore, exfiltrate the plaintext opens an encrypted PDF document and unintentionally once the document is opened by a legitimate user. Second, we abuse leaks the decrypted content to an attacker-controlled server. a flaw in the PDF encryption specification to arbitrarily manipulate The encrypted PDF file was manipulated by the attacker be- encrypted content. -
Autodesk Alias 2016 Hardware Qualification
Autodesk Alias 2016 Hardware Qualification Updated June 1, 2015 Windows Mac OSX Build Information Products Platform Version Software Date Build Number • Autodesk AutoStudio • Autodesk Alias Surface 64-bit 2016 March 6, 2015 201503061129-441529 • Autodesk Alias Design Supported Operating Systems and CPU Platforms Operating System CPU Platform Windows 7 SP1 Intel Xeon (Enterprise, Ultimate or Professional) 64-bit Intel Core AMD Opteron Windows 8.0 or 8.1 Intel Xeon (Enterprise or Professional) 64-bit Intel Core AMD Opteron Important Notes • Alias AutoStudio, Automotive, Surface and Design fully support 64-bit environments. Running the 64-bit native version requires Windows 8 or 8.1 64-bit or Windows 7 64-bit operating system. • Certain 3rd party software may alter the processor affinity settings, affecting multi-cpu systems running Alias.exe and its spawned processes. To check the affinity setting, right-click on the Alias.exe process inside the Windows Task Manager and select Set Affinity... ensure that all available CPUs are enabled. • Alias or its component programs may not launch successfully depending on your Windows security settings. If this occurs, you may either unblock the program via the Windows Firewall Security Alert dialog, or add it as an Exception in the Exceptions Tab in the Windows Firewall dialog box. For more information, please see the Microsoft Update. Similar configurations are necessary for any third party firewall software, Please Read • It may be possible to successfully use Alias for Windows with a non-qualified configuration, however, Support and Maintenance programs will be subject to the Autodesk Support services guidelines. • The configurations shown are subject to change, and additional qualified configurations may be added after qualification testing has been carried out. -
Filesystem Hierarchy Standard
Filesystem Hierarchy Standard Filesystem Hierarchy Standard Group Edited by Rusty Russell Daniel Quinlan Filesystem Hierarchy Standard by Filesystem Hierarchy Standard Group Edited by Rusty Russell and Daniel Quinlan Published November 4 2003 Copyright © 1994-2003 Daniel Quinlan Copyright © 2001-2003 Paul ’Rusty’ Russell Copyright © 2003 Christopher Yeoh This standard consists of a set of requirements and guidelines for file and directory placement under UNIX-like operating systems. The guidelines are intended to support interoperability of applications, system administration tools, development tools, and scripts as well as greater uniformity of documentation for these systems. All trademarks and copyrights are owned by their owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Permission is granted to make and distribute verbatim copies of this standard provided the copyright and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this standard under the conditions for verbatim copying, provided also that the title page is labeled as modified including a reference to the original standard, provided that information on retrieving the original standard is included, and provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this standard into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the copyright holder. Table of Contents 1. Introduction........................................................................................................................................................1 1.1.