View Poll Results: Do we really need JS functionality in PDFs?
- Voters
- 4. You may not vote on this poll
-
January 16th, 2010, 01:12 AM
#1
Disable JS in PDFs with a GPO
Hey folks, I am sure you are all aware of the rising problems with malicious PDFs. Most of them make use of JS within the PDF. I came across an article that walks you through disabling javascript in PDFs using group policy.
http://praetorianprefect.com/archive...he-enterprise/
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
January 19th, 2010, 02:32 AM
#2
The Wolfman is very excited to bring this article to his work tomorrow. I was not aware GPO could disable Java in Acrobat. Very cool indeed.
This PDF exploit has been bothering us for a while now....
Thanks Westin
-
January 19th, 2010, 04:58 PM
#3
The real question here is why does Adobe require it be turned on for all documents if you view a document with js. Why can't I enable it only for the current document?
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
January 19th, 2010, 07:28 PM
#4
Junior Member
They should do like Microsoft does with macros in office documents. Ask the user if he want to enable JS for the document he is opening.
-xqus
-"I don't need no stinking spel checkre!"
-
January 19th, 2010, 10:42 PM
#5
Despite Danger, Adobe Says JavaScript Support Important
~~
In a Q&A ( listen to podcast) with Threatpost editors Dennis Fisher and Ryan Naraine, Adobe security chief Brad Arkin says the removal of JavaScript support is a non-starter because it's an integral part of how users do form submissions.
"Anytime you’re working with a PDF where you’re entering information, JavaScript is used to do things like verify that the date you entered is the right format. If you’re entering a phone number for a certain country it’ll verify that you’ve got the right number of digits. When you click “submit” on the form it’ll go to the right place. All of this stuff has JavaScript behind the scenes making it work and it's difficult to remove without causing problems," Arkin explained.
http://threatpost.com/en_us/blogs/de...s+Most+Popular
I am not sure that the pros outweigh the cons...
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
January 19th, 2010, 11:03 PM
#6
I don't know about you guys and your work, but it turns out a lot of companies here in Canada do require javascript scripting in Adobe Reader.
The Wolfman was in meetings all day regarding this PDF issue, and the developers were quite clear that javascript is required for the majority of their custom forms.
Who would have thought....
And why are we still concerned about this PDF issue and not Aurora?
-
January 19th, 2010, 11:48 PM
#7
Originally Posted by wolfman1984
I don't know about you guys and your work, but it turns out a lot of companies here in Canada do require javascript scripting in Adobe Reader.
The Wolfman was in meetings all day regarding this PDF issue, and the developers were quite clear that javascript is required for the majority of their custom forms.
Who would have thought....
And why are we still concerned about this PDF issue and not Aurora?
Heh. I work at a school. Haven't had any complaints yet. As far as Aurora, MS is supposedly going to come out with an emergency patch this Friday. ??
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
Similar Threads
-
By akachuckie in forum The Security Tutorials Forum
Replies: 8
Last Post: February 24th, 2005, 01:47 AM
-
By Tiger Shark in forum Microsoft Security Discussions
Replies: 5
Last Post: January 14th, 2005, 08:47 PM
-
By gizmofreak in forum AntiOnline's General Chit Chat
Replies: 2
Last Post: December 7th, 2003, 06:43 PM
-
By spools.exe in forum Microsoft Security Discussions
Replies: 3
Last Post: October 4th, 2003, 11:54 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|