Potential Disaster Format

25/09/2007 Written by tripwire

Highly sen­si­tive Fer­rari and McLaren infor­ma­tion, from the World Motor Sports Coun­cil hear­ings into the espi­onage affair in July and Sep­tem­ber, has been leaked by the FIA by “a mis­take”.

The mis­take that was made is extra­or­di­nar­ily brain­less: the areas of the pub­lished doc­u­ments that were blacked out in an attempt to cen­sor parts of the papers, could eas­ily be revealed by sim­ply copy­ing and past­ing the text into a new doc­u­ment.

Such an error also hap­pened in a much wor­ry­ing and seri­ous sit­u­a­tion in 2005, when the Pen­ta­gon released a “cen­sored” doc­u­ment about the infa­mous “Cali­pari case”, an Ital­ian secret ser­vice agent which was shot dead by an Amer­i­can sol­dier at a check­point in Bagh­dad, while on a hostage res­cue mis­sion (the hostage and the dri­ver were both injured as well).

In that case, too, the black­ened sen­tences in the Pen­ta­gon report could eas­ily be recov­ered by just copy­ing and past­ing the text.

Inter­est­ingly, after a few days, Ital­ian inves­ti­ga­tors on the case released an incom­plete report on the inci­dent which didn’t include any infor­ma­tion from the black­ened parts of the Pen­ta­gon doc­u­ment, com­plain­ing that the Amer­i­cans didn’t want to dis­close impor­tant pieces of infor­ma­tion: quite amaz­ingly, they didn’t real­ize that the hid­den text could be eas­ily read.

In both cases, the authors of the PDF files didn’t bother to encrypt the files in order to pro­tect them from mod­i­fi­ca­tion and copy­ing, although this fea­ture is avail­able in every PDF-​authoring pro­grams since acro­bat 3 come out in 2001, 6 years ago.

The obser­va­tion that aver­age users are unaware of the con­se­quences of the sim­plest actions that they per­form on a PC is sad­den­ing: these mis­takes can­not be con­sid­ered for­giv­able or inevitable any­more, espe­cially in envi­ron­ments where sen­si­tive infor­ma­tion is pro­duced and shared on a reg­u­lar basis (indus­try, gov­ern­ment, mil­i­tary, and so on).

To make and share a PDF with the whole world “seems” easy, but it turns out that even such a sim­ple feat cre­ates huge prob­lems even in places where ICT secu­rity train­ing should be a pre­req­ui­site.

Our job as secu­rity experts should be to explain to our cus­tomers that teach­ing the basics of per­sonal com­put­ing and ris­ing the secu­rity aware­ness of their users is not optional any­more. This is espe­cially true with innocent-​looking things like PDF files and the related soft­ware view­ers (Acro­bat above all), which were not designed with secu­rity in mind.

As already dis­cussed in a pre­vi­ous arti­cle ( http://​www​.zone​-​h​.org/​c​o​n​t​e​n​t​/​v​i​e​w​/​1​4​8​26/1/ ) PDF files can also be used as a sneaky vec­tor for viral infec­tions (PDF email attach­ments car­ry­ing viruses were first dis­cov­ered in 2001) and for more elab­o­rate, newer kind of attacks.

The lat­est secu­rity alert come in yes­ter­day, when it was dis­closed (but appar­ently not released in the form of a POC) that it is pos­si­ble in Win­dows XP /​2003 to exe­cute a mali­cious JavaScript from within Adobe Acro­bat, by embed­ding it in a spe­cially crafted PDF doc­u­ment.

This is bad, bad news. The US-​CERT issued a report on sept. 24 that rec­om­mends to avoid open­ing unso­licited or untrusted PDF files, and to dis­able the dis­play­ing of PDF doc­u­ments in the web browser.

I would also sug­gest to dis­able JavaScript exe­cu­tion (which doesn’t require any user approval) in Adobe Acro­bat — which can be a huge task to accom­plish if an orga­ni­za­tion has more than a few clients installed.

So, not only end users don’t have a clue about how to securely cre­ate and share PDF doc­u­ments, but, once again, a mostly use­less, rarely used fea­ture which is enabled by default in an appar­ently inno­cent piece of ubiq­ui­tous soft­ware could become a secu­rity night­mare on a global scale.

Since it’s just a mat­ter of time before some­one will make the night­mare become real­ity, we might rename it the Poten­tial Dis­as­ter For­mat.


Share this content: