Saturday, December 12, 2009

PDFs and security

First b4 going to special issues here's a nice blog post about pdf optionals
http://www.tothepc.com/archives/5-alternatives-to-ever-so-slow-adobe-pdf-reader/

now for the juicy stuff


A) If you SECURE a pdf file by clicking on the SECURE button without giving a password, it just turns a bit on/off. most secondary [non adobe] pdf viewers dont even consider this as protected.

B) If you add text frames/to hide data like tables in sample pdf files using an online pdf viewer such as PDFescape which doesnt show these will render your "security" system helpless:

i.e.

take this document
http://www.the-infoshop.com/report/bc28878_forensic_business_toc.html
the Full document costs a little under 5000 dollars to purchase
too bad they dont pay the IT guys alot

download the sample file [fill in garbage they dont even check your email] and get the file.
read it with Adobe Acrobat Reader.

Nice huh ? Sample Boxes are a big hoot.

Now upload it to a less standardized pdf viewer such as PDFescape .

so ? how's security now ?

we didnt even do anything.
we just uploaded it to a viewer that cant show adobe 6+ additions and that's all the security these guys can muster.
it makes me sad, I mead there is real security available for adobe, but it's 3rd party and must be bought corporately. This is what happens when IT is outsourced and becomes too far from the company execs, with no RELAIBLE - thinking about your benefit - not afraid to loose you as a customer - IT VP, I'm sure these guys would think twice.

So summary

Adobe Security - rotten
Adobe optional viewers - excellent.

bye

No comments: