Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Does a secure pdf reader/creator exist?
From: "Nicholas B." <nberthaume () gmail com>
Date: Sat, 18 Sep 2010 13:59:51 -0400

I do typically use this method, but it is not without risks... if google's
pdf rendering software is vulnerable it could potentially be leveraged to
compromise your google services account, render XSS and so on.  So long as
adobe and others continue to add "features" and readers attempt to implement
these into their software you can never be assured of software that will do
so without introducing a bug that could introduce security issues.

On Fri, Sep 17, 2010 at 1:52 PM, Craig Freyman <craigfreyman () gmail com>wrote:

You can use google docs and have it render the PDF for you. That would be a
nightmare with multi-k users but it's a good way to go from a security
perspective.


On Fri, Sep 17, 2010 at 11:04 AM, Gregory Baker <
travelingregbaker () yahoo com> wrote:

Greetings to all,

We all know that PDF (reader/creator) software is such a exploit target
nowadays. Yes, there are ways to mitigate the risks by turning off java and
the like.

We did a survey of our multi-k user base and NOBODY is using any of the
fancy bloat features built into the current rev PDF software across 50k+ pdf
files in our datastores.

So this begs the question in the subject line. We've looked at most of the
alternatives out there like foxit & nitro and it appears that they are going
down the same path as Adobe but just lagging behind. The creation tools are
secondary as most of the OS vendors are close to building this function into
the OS. Its the unsecure readers that are the problem.

Cost is somewhat secondary at this point as our resources are increasingly
being gobbled up with Adobe patching compliance.

Has anybody come across a secure pdf reader?

Thanks for the sage replies.


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]