
Academia.edu

a reminder about Privacy ...

John Baron 03/04/2020 09:49:47
254 forum posts
110 photos
Posted by Bandersnatch on 02/04/2020 22:40:48:
Posted by John Baron on 02/04/2020 20:42:31:

The download is also a dangerous PDF file. I feel sorry for Wins users.

What's your basis for that, John?

I downloaded it and scanned it here with AVG and Bitdefender .... negative.

I then had it scanned with multiple engines at VirusTotal .... negative.

If you look through the file you will see that it contains code sequences that are read and executed.

084 0104 0105 0115 0105 0115 099 0111 0100 0101

Like this. This bit of code is not dangerous, just an illustration.

Meunier 03/04/2020 21:22:56
306 forum posts
1 photos
Posted by Michael Gilligan on 03/04/2020 08:11:45:
Posted by Andrew Evans on 02/04/2020 22:13:58:

There you go Michael **LINK**

These are taken 25 years ago - I have digital copies of these but on old zip disks I can no longer read. Apologies for the photo quality, I used my mobile phone to photograph existing printed photographs.

All these are organic microfossils. These are dinoflagellates, foraminifera linings, scolecodont and plant spores from the Cretaceous chalks in Ireland and from oil exploration cores in the seas around Ireland. Plus an acritarch from the Silurian in Shropshire. […]

.

Many thanks, Andrew ... I was immediately intrigued by the acritarch : not only for its appearance, but because the word is new to me. /snip.

.

Many thanks from me too, Andrew. Any day when one learns something new is a successful day.
DaveD

Andrew Evans 03/04/2020 22:55:40
311 forum posts
8 photos

That UCL site is a really good resource.

Bandersnatch 04/04/2020 01:57:58
1571 forum posts
53 photos
Posted by John Baron on 03/04/2020 09:49:47:

If you look through the file you will see that it contains code sequences that are read and executed.

084 0104 0105 0115 0105 0115 099 0111 0100 0101

Like this. This bit of code is not dangerous, just an illustration.

Yet multiple virus scanners find nothing wrong. Doesn't say much for the effectiveness of the scanners does it? And presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download.

Hmmm.

John Baron 04/04/2020 08:44:47
254 forum posts
110 photos
Posted by Bandersnatch on 04/04/2020 01:57:58:
Posted by John Baron on 03/04/2020 09:49:47:

If you look through the file you will see that it contains code sequences that are read and executed.

084 0104 0105 0115 0105 0115 099 0111 0100 0101

Like this. This bit of code is not dangerous, just an illustration.

Yet multiple virus scanners find nothing wrong. Doesn't say much for the effectiveness of the scanners does it? And presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download.

Hmmm.

Problem is that it is just text, nothing innocuous about that ! I'm sure that you have seen warnings about dangerous PDF documents.

By the way did you translate the numbers ?

Hexadecimal message in Glyph pictures....

https://gamefaqs.gamespot.com/boards/956856-assassins-creed-ii/52630448

SillyOldDuffer 04/04/2020 10:00:25
5598 forum posts
1145 photos
Posted by Bandersnatch on 04/04/2020 01:57:58:
Posted by John Baron on 03/04/2020 09:49:47:

If you look through the file you will see that it contains code sequences that are read and executed.

...

Yet multiple virus scanners find nothing wrong. Doesn't say much for the effectiveness of the scanners does it? And presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download.

...

A couple of inferences too far maybe?

Most security vulnerabilities have limited lives - once identified PDF readers, and other software, are updated to remove the threat. Once the software is fixed there's no point in reporting old problems!

Also, many, perhaps most, vulnerabilities depend on configuration. For example, it would be safe to open a PDF containing iffy Javascript if the reader didn't support Javascript. Similarly many vulnerabilities are blocked by the operating system by managing permissions.

AVMs know about this stuff. So a scanner or PDF reader might say to itself, 'I know about this dodgy code but it doesn't matter because this computer has up-to-date software and the environment is secure; as it's safe to display the content, I'll do without making a fuss'.

An important point about investigating security issues is the whole configuration matters. It's unwise to draw conclusions from the big picture. Version numbers and individual security settings matter enormously, making it difficult to compare your machine with mine. Windows-10 as updated 3 days ago has thousands of under the bonnet changes compared with the version released in 2015. Many of the differences are security fixes and improvements. Being unable to simply say 'Fred and I are identical because we both run Windows-10, Firefox, and McAfee', makes diagnosis tricky because version numbers, file permissions, extensions and registry settings matter too. Don't jump to conclusions too quickly!

I think 'Presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download', is surely too broad. Scanners find the problems they know about. Missing some is inevitable, but it doesn't mean all the others of the same type will be ignored too.

Dave

PS John's embedded example says: 'Thisiscode' in ASCII.

Neil Wyatt 04/04/2020 10:21:09
Moderator
17686 forum posts
697 photos
77 articles

Weird!

I've just posted on another forum because I found a paper on the improvisational playing of Phil Lesh (the Grateful Dead's bass player) on academia.edu, but it wanted access to all my google contacts to let me download it.

No way I'm feeding a spam factory.

Neil

Frances IoM 04/04/2020 11:35:28
742 forum posts
26 photos
PDFs are based on the earlier Postscript scheme for driving printers - this was known to be Turing complete ie it was fully programmable thus PDF's are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

It advertises as a commercial company that hosts academic papers etc and can relay back to the posters of such the numbers etc of the readers of such - I'm guessing from the comment that it spams some downloaders that it pushes some products otherwise being a 'free' service I cannot see how it pays its considerable hosting bills.

Not being interested in microfossils I haven't downloaded it but does wget work and if so has anyone analysed the PDF to see what it does.

Edited By Frances IoM on 04/04/2020 11:36:07

Michael Gilligan 04/04/2020 12:29:50
15425 forum posts
665 photos
Posted by Neil Wyatt on 04/04/2020 10:21:09:

Weird!

I've just posted on another forum because I found a paper on the improvisational playing of Phil Lesh (the Grateful Dead's bass player) on academia.edu, but it wanted access to all my google contacts to let me download it.

No way I'm feeding a spam factory.

Neil

.

It usually pays to read the ME/MEW forum first angel

MichaelG.

Michael Gilligan 04/04/2020 12:37:59
15425 forum posts
665 photos
Posted by Frances IoM on 04/04/2020 11:35:28:
PDFs are based on the earlier Postscript scheme for driving printers - this was known to be Turing complete ie it was fully programmable thus PDF's are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

It advertises as a commercial company that hosts academic papers etc and can relay back to the posters of such the numbers etc of the readers of such - I'm guessing from the comment that it spams some downloaders that it pushes some products otherwise being a 'free' service I cannot see how it pays its considerable hosting bills.

Not being interested in microfossils I haven't downloaded it but does wget work and if so has anyone analysed the PDF to see what it does.

Edited By Frances IoM on 04/04/2020 11:36:07

.

Thanks for the useful comments, Frances

On principle, I have not downloaded the PDF from ‘Academia’ ... and thankfully have no need to try any other potentially dodgy sources. I can read the book on-line via University of Manchester library.

MichaelG.

.

PS ... not sure if UoM has the “paper on the improvisational playing of Phil Lesh”

Nick Clarke 3 04/04/2020 12:56:18
653 forum posts
18 photos
Posted by Frances IoM on 04/04/2020 11:35:28:
PDFs are based on the earlier Postscript scheme for driving printers - this was known to be Turing complete ie it was fully programmable thus PDF's are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

But you needed a Postscript interpreter to run the code - either hardware or software such as Ghostscript

Potentially far nastier is the ability to run code in other languages - a single Google search showed how to embed JavaScript or Python code in a pdf file - and experts in these are probably easier to find than a Postscript coder today.

I didn't need to search past the first page of results to locate these references - I suspect there may also be ways to embed compiled code but I have no intention of looking for them!

Bandersnatch 04/04/2020 17:00:23
1571 forum posts
53 photos

So what's the bottom line?

Any pdf might contain malware which is undetected (even generically/heuristically) by multiple scanners so we should all stop downloading pdfs?

Edited By Bandersnatch on 04/04/2020 17:01:19

Frances IoM 04/04/2020 17:08:02
742 forum posts
26 photos
No - find a reader that does not allow Javascript or calls to other external programs (there are some stupid email readers that allow Javascript) - I haven't tried it but maybe use wget to download then try Calibre to convert to an ebook version which might well wipe all non printable stuff
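
Added example, not part of the thread or written by any of its posters: a first-pass check for the features discussed above (JavaScript, automatic actions, calls to external programs), done by scanning a PDF's raw bytes for the dictionary keys the PDF format uses for them. The names `triage_pdf` and `decode_name` and both sample byte strings are constructed for illustration; keys stored inside compressed object streams are not seen by this scan, so `/ObjStm` is reported as a sign the result is incomplete.

```python
import re
import sys

# PDF dictionary keys that signal active content or external calls.
ACTIVE_KEYS = {
    "JavaScript": "JavaScript action",
    "JS": "JavaScript source attached to an action",
    "OpenAction": "action run when the document is opened",
    "AA": "additional actions tied to page or field events",
    "Launch": "action that starts an external program",
    "EmbeddedFile": "file attached inside the PDF",
    "ObjStm": "compressed object stream (contents not visible to this scan)",
}

# A PDF name is '/' followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    unescaped = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count occurrences of each active-content key in the raw PDF bytes."""
    counts = dict.fromkeys(ACTIVE_KEYS, 0)
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return {key: n for key, n in counts.items() if n}


# Constructed sample inputs (not taken from any real document).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_ACTIVE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
)

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ACTIVE
    for key, n in triage_pdf(data).items():
        print(f"/{key} x{n}: {ACTIVE_KEYS[key]}")
```

An empty result means none of these keys appear in the uncompressed parts of the file; a hit is a reason to look closer, not proof of malice, since forms and interactive documents use the same keys.
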
Bandersnatch 04/04/2020 18:46:49
1571 forum posts
53 photos

Frances ... I take it that "email readers" was intended to be "pdf readers".

I didn't realise before that pdf readers ran javascript - you learn something new etc.

In fact I don't use the basic reader, I use the full Acrobat Pro instead. Checking just now, it allows turning off javascript (as well as various levels of javascript security). Don't know if the basic reader allows the same.

I've turned it off for now. Remains to be seen whether it's workable without. Maybe it'll stop those spinning images in the pdfs of Hammond boxes.

Frances IoM 04/04/2020 19:05:00
742 forum posts
26 photos
Bandersnatch - no I meant email readers - crazy I know like offering the key to your front door to anyone who posts you a letter but people like the fancy formatting that comes from using a web 'browser' interface to read mail - same is true of pdf readers - there are some pdf programs that run on Windoze that don't allow such tricks (used one for years on Win98).
Michael Gilligan 04/04/2020 19:13:15
15425 forum posts
665 photos

This is all slightly surreal ... I remember [decades ago] being required to submit contractual documents in PDF format: Because it was “impossible to edit after publication” surprise

Such is ‘progress’

MichaelG.

Neil Wyatt 04/04/2020 19:25:27
Moderator
17686 forum posts
697 photos
77 articles
Posted by Michael Gilligan on 04/04/2020 19:13:15:

This is all slightly surreal ... I remember [decades ago] being required to submit contractual documents in PDF format: Because it was “impossible to edit after publication” surprise

Such is ‘progress’

MichaelG.

It still applies, I sometimes get PDFs produced to a 'security standard' that warn me they will no longer comply, even if I only want to enable commenting.

Neil
