30 Sep 2010
Security experts at the Virus Bulletin 2010 conference have voted overwhelmingly to abolish Adobe's PDF standard and replace it with a safer format.
Paul Baccus, a senior threat researcher at Sophos, conducted a straw poll on the future of PDF during a conference session, and found that 97 per cent favour dumping the standard and working on a safer format with better software security.
Baccus then asked whether anyone from Adobe was in the audience. After a pause a voice at the back shouted: "Of course not, it's a security conference."
The poll was unofficial, but did highlight growing concerns in the security community about Adobe's software after a string of attacks against the code.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk that Adobe is taking steps to improve the situation, but is "increasingly seen as the new Microsoft".
"Microsoft has improved dramatically on its software security and now hackers are going after Flash and PDF because they are almost as widespread as Windows," he said.
The annual Virus Bulletin conference, held in Vancouver this year, has attracted 600 security experts from the private and public sectors around the world.
The opening keynote was given by a Facebook staffer who talked of the increasing problems caused by online crime moving into social networking.
However, some delegates criticised the presentation as being too limited and lacking serious information sharing. No copies of the presentation were distributed.
Day two of the conference on 30 September will see a number of presentations on the Stuxnet worm which recently hit an Iranian nuclear facility.
Tonight, however, the security researchers will be living it up as only they know how, according to Cluley.
"We're having a welcome reception after the first day's sessions, and then it's time for the entertainments, which this year will include checkers and chess. We know how to party in Vancouver," he said.
Do you agree?
Is the problem the PDF spec, or the reader s/w
The 'printing' aspects of the ISO 32000 spec are not the problem, but readers/viewers can always have errors exposing them to 'buffer overflow' attacks. That being said, the PS, Javascript and 'baggage' formats for sound, video, 3DIF, etc. mean that a PDF that has those elements may make even more 'holes' available. PS is particularly insecure since it (as defined by Adobe) has operators for indiscriminate file system access (reading, writing, rename, delete, enumeration). A PS interpreter can run with these operators "locked down", such as Ghostscript's "-dSAFER" mode, but that's specific to one (very popular) PS interpreter.
Posted by: Ray Johnston 29 Apr 2011
t.a.
That is very funny :(. First of all, pdf format shouldn't have been adopted because postscript (also by Adobe) language is complete and less processor intensive and less prone to attacks. Unfortunately, like every good product, its lack of support and marketing gave pdf enough space to evolve and conquer the area of printing. Funny thing is saying that Adobe is not security aware. Like Microsoft, Adobe issues security patches at high speed and products are vulnerable because they are used on hundreds of millions of computers. Just wondering, do you really think that if a new standard is accepted it won't be as vulnerable as pdf? Like OS X compared to Microsoft? Looking forward to seeing all you smart asses creating something better :)
Posted by: Mirko S. Zlikovski 04 Oct 2010
Checkers and chess!!!
No wonder I never knew about this conference. It doesn't include drinking, debauchery, and pool parties. We must ask this question at Defcon next year, and make it a ballot. I use third party pdf readers, however, I agree we need to abolish flash, adobe, and all similarly weak software.
Posted by: dc0de 01 Oct 2010
Security experts vote to outlaw PDF standard
How many people actually use Adobe's own reader, rather than a no-name alternative?
Posted by: k. 30 Sep 2010