DrysonBennington
Eagle's Talon's
8
|
Posted - 2012.08.07 23:40:00 -
[1] - Quote
***NEW SECURITY VULNERABILITY***
Adobe Acrobat X Pro
Earlier today I was PDF'in a website so I could make a PDF of various manuals to read while offline.
While the AAXP was indexing the pages of the website a dialogue box appeared informing me that I was attempting to access restricted areas of the website and then prompted me to enter a user name and password.
At first I thought that AAXP needed my permission to store the pages on my laptop but after entering several usernames and passwords I realized that AAXP needed my permission to access the restricted information in order to copy the classified pages into the PDF.
I didn't think anything of it until a few moments ago when I realized that an entire website can be made into a PDF and if a hacker had the right tools they could hack the security by providing accurate credentials that allow AAXP to PDF the restricted information.
Once the restricted information had been copied into the PDF all the hacker need do is open the PDF to the restricted area to read the restricted information protected by the user/password barrier.
With all of the Net traffic these days it would be almost impossible to determine if AAXP was being used in a malicious attack.
Just imagine someone using AAXP to PDF an entire bank website and being able to hack into the restricted areas to gather information on transactions, account balances, account information, credit card numbers, etc.
I would have to say that the next level of hacker will try to use AAXP to copy target sites into PDF's where they will then analyze the PDF for any weaknesses so they can hack the site to get your money.
|
Blane Xero
The Firestorm Cartel
44
|
Posted - 2012.08.08 00:42:00 -
[2] - Quote
And at which point did AAXP allow you to circumvent the need for a password, thereby making it a vulnerability to websites?
Resident Haruhiist since December 2008.
Laying claim to Out of Pod Experience since 2007, plain and simple. Keep the trash out of Out Of Pod Experience, If it's EVE Related or deserves a Lock, it does not belong here. |
Blane Xero
The Firestorm Cartel
44
|
Posted - 2012.08.08 00:52:00 -
[3] - Quote
DrysonBennington wrote: Just imagine someone using AAXP to PDF an entire bank website and being able to hack into the restricted areas to gather information on transactions, account balances, account information, credit card numbers, etc.
I would have to say that the next level of hacker will try to use AAXP to copy target sites into PDF's where they will then analyze the PDF for any weaknesses so they can hack the site to get your money.
Having now read this, I have to demand you stop right here. You know absolutely nothing about what you are attempting to scaremonger and it is posts on the internet like this that have all my internet not-savvy friends forwarding me emails about Virus Warnings from Microsoft about a Big Virus that could Take Out Skynet if we don't unplug our machines on dd/mm/yyyy hh/mm/ss.
1. Banks do not store Credit Card information on a website, they store them inside Databases. Most of these databases being completely cut off from any external network, i.e. the Internet.
2. AAXP still prompted you for a password, which, if you attempted to browse those locked down pages, so would Firefox, Chrome, IE, Opera, etc. Surprise Surprise, pages password locked require passwords when attempted to be accessed.
Now that I've got that out of the way, I would request that you *promptly* edit your thread and request it being locked, and if you feel so inclined, do some research about things like this before you attempt to be the cool guy with the inside scoop. Otherwise the hackers will get you.
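The point made in reply [3], that a password-protected page challenges whichever client requests it, can be checked against a local test server. This is an added example, not part of any post in the thread; the account, paths and client names are constructed, and it assumes the site uses HTTP Basic authentication.

```python
import base64
import hmac
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo account; nothing here comes from the thread.
USER, PASSWORD = "demo-user", "demo-pass"
EXPECTED = b"Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode())
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxies

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        supplied = self.headers.get("Authorization", "").encode()
        if self.path.startswith("/restricted/") and not hmac.compare_digest(supplied, EXPECTED):
            # This challenge is what makes any client show a login prompt.
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="manuals"')
            self.end_headers()
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"page body")
    def log_message(self, *args): pass  # keep the demo quiet

def fetch(port, path, agent, creds=None):
    """Return the HTTP status the server gives this client for this path."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}{path}", headers={"User-Agent": agent})
    if creds:
        req.add_header("Authorization", "Basic " + base64.b64encode(":".join(creds).encode()).decode())
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    with HTTPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, page = server.server_port, "/restricted/manual.html"
        # Per client: public page, no credentials, wrong password, right password.
        results = {agent: (fetch(port, "/index.html", agent), fetch(port, page, agent),
                           fetch(port, page, agent, (USER, "wrong-guess")),
                           fetch(port, page, agent, (USER, PASSWORD)))
                   for agent in ("browser-like client", "site-to-PDF crawler")}
        server.shutdown()
    return results

if __name__ == "__main__":
    print(run_demo())
```

Both clients get the same four statuses because the decision is made on the server for every request; the capture tool only receives pages that the holder of the credentials could already open in a browser.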
Domer Pyle
Northwest Industries International Technical Exploration Conglomerate of Hemera
13
|
Posted - 2012.08.09 07:49:00 -
[4] - Quote
lol ^^ |
Alpheias
Euphoria Released Verge of Collapse
753
|
Posted - 2012.08.09 07:54:00 -
[5] - Quote
Hardly surprising, Adobe is tied with Apple on having the most security flaws.
I'd kill kittens and puppies and bunnies I'd maim toddlers and teens and then more |
DrBiologist
W.A.S.P Curatores Veritatis Alliance
0
|
Posted - 2012.08.09 09:03:00 -
[6] - Quote
OP got owned |
Sarik Olecar
Royal Amarr Institute Amarr Empire
115
|
Posted - 2012.08.10 14:53:00 -
[7] - Quote
DrBiologist wrote: OP got owned
op? owned?
opwned?
Can this be a thing? |
Blane Xero
The Firestorm Cartel
48
|
Posted - 2012.08.10 15:34:00 -
[8] - Quote
Sarik Olecar wrote: DrBiologist wrote: OP got owned
op? owned?
opwned?
Can this be a thing?
You can blane it on me, but I take xero responsibility.
Ps. POwned makes more sense. [Pwned, Post Owner, Owned, etc]
Elias Greyhand
Potentially Irresponsible
10
|
Posted - 2012.08.10 15:41:00 -
[9] - Quote
Oh my golly gosh...
Head for the hills! The Russians are coming!
Or something. |
DrysonBennington
Eagle's Talon's
8
|
Posted - 2012.08.17 13:57:00 -
[10] - Quote
2. AAXP still prompted you for a password, which, if you attempted to browse those locked down pages, so would Firefox, Chrome, IE, Opera, etc. Surprise Surprise, pages password locked require passwords when attempted to be accessed.
What was that about BROWSING a website?
I never said anything about browsing a website which is completely different than using AAXP to make a copy of the entire website.
Browsing a website I have never come across a section telling me that I had accessed a restricted area and needed a password to access the secure area.
There must have been a reason for the security protocol, most likely because the secure area contained user account information and passwords that if accessed could be added to a hacker's database to build a composite file of various information.
Information that in the right hands could then be used to create a pathway to more secure information.
And you are wrong.
Banks keep their information on site on their servers that the tellers use to access our bank accounts.
Some may keep the information off site while others may keep the information on site.
I haven't tried copying a bank's entire website using AAXP to see if I come across any restricted areas that would prompt me for a user name and password.
Such information is just as golden to a hacker for numerous reasons.
1. Deposits made electronically to a debit card or bank card would have the routing information stored within the bank's database.
If a hacker is able to create a breach into this base then they will be able to gather information about all transfers on the account which would include credit card numbers. |
|
Rashmika Clavain
Shadows Of The Federation Drunk 'n' Disorderly
18
|
Posted - 2012.08.17 15:23:00 -
[11] - Quote
Phew, I'm using Acrobat 8, so I should be safe! |
Blane Xero
The Firestorm Cartel
53
|
Posted - 2012.08.18 15:39:00 -
[12] - Quote
DrysonBennington wrote: Browsing a website I have never come across a section telling me that I had accessed a restricted area and needed a password to access the secure area.
Try to get to the Account Management section of Eve Online without a password.
Try to upload things to youtube or comment without a password.
Your logic is about as well formed as falling custard.
Mmm, custard.
DrysonBennington wrote: There must have been a reason for the security protocol, most likely because the secure area contained user account information and passwords that if accessed could be added to a hacker's database to build a composite file of various information.
Information that in the right hands could then be used to create a pathway to more secure information.
Again you're throwing together techie words like Hacker and Database and Security Protocol without having a goddamn clue about the subject you're trying to raise awareness of [falsely, might I add]
DrysonBennington wrote: And you are wrong.
Trust me, on a scale of Wrong, you've far surpassed me, jumped off the pier, fallen down the Niagara falls, come out the other side of the planet, started running and lapped me- twice.
You're worrying about something that is irrelevant and a non-issue. You're creating fear and panic mongering with theories you have no ******* clue about factually. The issue you're claiming exists only in your head as a security risk as, and I emphasise, the internet does not work the way you are proposing.
DrysonBennington wrote: Banks keep their information on site
On site does not mean on a website. On site means on location, within a certain distance to a building or physical location.
Please just shut up already.
Idiot wrote: on their servers that the tellers use to access our bank accounts.
They're still entirely disconnected from external networks like Websites on the Internet. So.... I guess where I'm going with this is...
Blane Xero
The Firestorm Cartel
53
|
Posted - 2012.08.18 15:39:00 -
[13] - Quote
DrysonBennington wrote: I am an idiot. Disregard anything I have said in this thread, I was attempting to be informative about a subject I knew little to nothing about. I was afraid and panicked about a situation that - when reviewing the facts - does not exist. I apologise for wasting both your time, and my own, in writing this thread. I will now attempt to educate myself before others and read into what I am worried about. Thank you for your time, goodbye.
You're welcome.