Google’s possible withdrawal from China because of hacker attacks has been big news, and now reports suggest that Adobe was targeted by the same attackers. The takeaway lesson? Plug those holes in your PDF security arrangements pronto.
Computerworld reports that Adobe has confirmed that it was subject to attacks around the same time as Google, while other researchers are suggesting that the vulnerabilities exploited by the hackers may have involved using carefully-constructed PDF files.
While the reality is likely to be more complex, the incident serves as a reminder that PDF files are a prime source of security problems. One straightforward way to minimise those issues is to switch from the bloated Adobe Reader and use an alternative PDF reader; our Hive Five is a good place to start hunting.
Hackers used rigged PDFs to hit Google — and Adobe, says researcher [Computerworld]
Blake
Friday, January 15, 2010 at 9:01 AMBTW, your source has updated the vulnerability from PDF to IE.
http://www.computerworld.com/s/article/9144844/Hackers_used_IE_zero_day_not_PDF_in_China_Google_attacks?taxonomyId=17
PK
Friday, January 15, 2010 at 9:09 AMCan it be related to this incident reported in an Indian website.
Indian Govt was (tried to) hacked by Chinese hackers using PDF
http://www.hindustantimes.com/No-breach-in-computer-security-system-PMO/H1-Article1-497598.aspx
Alan Burchill
Friday, January 15, 2010 at 10:12 AMSee my article here on how to use group policy to make Adobe Reader more secure by disabling JavaScript http://www.grouppolicy.biz/2010/01/how-to-make-adobe-reader-more-secure-using-group-policy/