Academia.edu


Viewing 13 posts - 26 through 38 (of 38 total)
  • #462236
    John Baron
    Participant
      @johnbaron31275
      Posted by Bandersnatch on 04/04/2020 01:57:58:

      Posted by John Baron on 03/04/2020 09:49:47:

      If you look through the file you will see that it contains code sequences that are read and executed.

      084 0104 0105 0115 0105 0115 099 0111 0100 0101

      Like this. This bit of code is not dangerous, just an illustration.

      Yet multiple virus scanners find nothing wrong. Doesn't say much for the effectiveness of the scanners does it? And presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download.

      Hmmm.

      Problem is that it is just text, nothing innocuous about that! I'm sure that you have seen warnings about dangerous PDF documents.

      By the way did you translate the numbers?

      Hexadecimal message in Glyph pictures….

      https://gamefaqs.gamespot.com/boards/956856-assassins-creed-ii/52630448

      #462251
      SillyOldDuffer
      Moderator
        @sillyoldduffer
        Posted by Bandersnatch on 04/04/2020 01:57:58:

        Posted by John Baron on 03/04/2020 09:49:47:

        If you look through the file you will see that it contains code sequences that are read and executed.

        Yet multiple virus scanners find nothing wrong. Doesn't say much for the effectiveness of the scanners does it? And presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download.

        A couple of inferences too far maybe?

        Most security vulnerabilities have limited lives – once identified, PDF readers, and other software, are updated to remove the threat. Once the software is fixed there's no point in reporting old problems!

        Also, many, perhaps most, vulnerabilities depend on configuration. For example, it would be safe to open a PDF containing iffy Javascript if the reader didn't support Javascript. Similarly many vulnerabilities are blocked by the operating system by managing permissions.

        AVMs know about this stuff. So a scanner or PDF reader might say to itself, 'I know about this dodgy code but it doesn't matter because this computer has up-to-date software and the environment is secure; as it's safe to display the content, I'll do without making a fuss'.

        An important point about investigating security issues is the whole configuration matters. It's unwise to draw conclusions from the big picture. Version numbers and individual security settings matter enormously, making it difficult to compare your machine with mine. Windows-10 as updated 3 days ago has thousands of under-the-bonnet changes compared with the version released in 2015. Many of the differences are security fixes and improvements. Being unable to simply say 'Fred and I are identical because we both run Windows-10, Firefox, and McAfee', makes diagnosis tricky because version numbers, file permissions, extensions and registry settings matter too. Don't jump to conclusions too quickly!

        I think 'Presumably the same scanners wouldn't find any problems with any other pdf's that we all frequently download', is surely too broad. Scanners find the problems they know about. Missing some is inevitable, but it doesn't mean all the others of the same type will be ignored too.

        Dave

        PS John's embedded example says: 'Thisiscode' in ASCII.

        #462255
        Neil Wyatt
        Moderator
          @neilwyatt

          Weird!

          I've just posted on another forum because I found a paper on the improvisational playing of Phil Lesh (the Grateful Dead's bass player) on academia.edu, but it wanted access to all my google contacts to let me download it.

          No way I'm feeding a spam factory.

          Neil

          #462277
          Frances IoM
          Participant
            @francesiom58905

            PDFs are based on the earlier Postscript scheme for driving printers – this was known to be Turing complete ie it was fully programmable thus PDF’s are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

            It advertises as a commercial company that hosts academic papers etc and can relay back to the posters of such the numbers etc of the readers of such – I’m guessing from the comment that it spams some downloaders that it pushes some products otherwise being a ‘free’ service I cannot see how it pays its considerable hosting bills.

            Not being interested in microfossils I haven’t downloaded it but does wget work and if so has anyone analysed the PDF to see what it does.

            Edited By Frances IoM on 04/04/2020 11:36:07

            #462288
            Michael Gilligan
            Participant
              @michaelgilligan61133
              Posted by Neil Wyatt on 04/04/2020 10:21:09:

              Weird!

              I've just posted on another forum because I found a paper on the improvisational playing of Phil Lesh (the Grateful Dead's bass player) on academia.edu, but it wanted access to all my google contacts to let me download it.

              No way I'm feeding a spam factory.

              Neil

              .

              It usually pays to read the ME/MEW forum first

              MichaelG.

              #462291
              Michael Gilligan
              Participant
                @michaelgilligan61133
                Posted by Frances IoM on 04/04/2020 11:35:28:
                PDFs are based on the earlier Postscript scheme for driving printers – this was known to be Turing complete ie it was fully programmable thus PDF's are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

                It advertises as a commercial company that hosts academic papers etc and can relay back to the posters of such the numbers etc of the readers of such – I'm guessing from the comment that it spams some downloaders that it pushes some products otherwise being a 'free' service I cannot see how it pays its considerable hosting bills.

                Not being interested in microfossils I haven't downloaded it but does wget work and if so has anyone analysed the PDF to see what it does.

                Edited By Frances IoM on 04/04/2020 11:36:07

                .

                Thanks for the useful comments, Frances

                On principle, I have not downloaded the PDF from ‘Academia’ … and thankfully have no need to try any other potentially dodgy sources. I can read the book on-line via University of Manchester library.

                MichaelG.

                .

                PS … not sure if UoM has the “paper on the improvisational playing of Phil Lesh”

                #462294
                Nick Clarke 3
                Participant
                  @nickclarke3
                  Posted by Frances IoM on 04/04/2020 11:35:28:
                  PDFs are based on the earlier Postscript scheme for driving printers – this was known to be Turing complete ie it was fully programmable thus PDF's are inherently capable of embedding what I presume is an interpreter that I guess might try to post messages back to Academia as to readership.

                  But you needed a Postscript interpreter to run the code – either hardware or software such as Ghostscript

                  Potentially far nastier is the ability to run code in other languages – a single Google search showed how to embed JavaScript or Python code in a pdf file – and experts in these are probably easier to find than a Postscript coder today.

                  I didn't need to search past the first page of results to locate these references – I suspect there may also be ways to embed compiled code but I have no intention of looking for them!

                  #462332
                  Enough!
                  Participant
                    @enough

                    So what's the bottom line?

                    Any pdf might contain malware which is undetected (even generically/heuristically) by multiple scanners so we should all stop downloading pdfs?

                    Edited By Bandersnatch on 04/04/2020 17:01:19

                    #462334
                    Frances IoM
                    Participant
                      @francesiom58905

                      No – find a reader that does not allow Javascript or calls to other external programs (there are some stupid email readers that allow Javascript) – I haven’t tried it but maybe use wget to download then try Calibre to convert to an ebook version which might well wipe all non printable stuff
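
A static check of the kind the thread asks about (what a PDF carries before any reader opens it), added here as an example and not code posted by anyone in the thread. It counts the name keys that trigger JavaScript, automatic actions, external launches or embedded files, decoding `#xx` name escapes and Flate-compressed streams on the way; the key list is an assumption about what is worth flagging, the sample bytes are constructed, and other stream filters and encrypted files are not decoded.

```python
import re
import zlib

# Name keys that make a viewer run script or reach outside the page content.
ACTIVE_KEYS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _names(data):
    """Yield each PDF name with #xx escapes decoded (/J#61vaScript -> /JavaScript)."""
    for match in _NAME.finditer(data):
        raw = _HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(0))
        yield raw.decode("latin-1")


def triage_pdf(data):
    """Return {key: count} for active-content keys found in the PDF bytes."""
    chunks = [_STREAM.sub(b"", data)]          # object dictionaries outside streams
    for match in _STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes left after the data
            chunks.append(zlib.decompressobj().decompress(body))
        except zlib.error:
            chunks.append(body)                # not Flate: scan the bytes as stored
    counts = dict.fromkeys(ACTIVE_KEYS, 0)
    for chunk in chunks:
        for name in _names(chunk):
            if name in counts:
                counts[name] += 1
    return {key: n for key, n in counts.items() if n}


# Constructed sample (not a real document): one key written plainly, one hidden
# behind a #xx escape, and one pair inside a Flate-compressed stream.
_packed = zlib.compress(b"<< /S /JavaScript /JS (constructed) >>")
SAMPLE = (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
          b"4 0 obj << /Length " + str(len(_packed)).encode() + b" >>\nstream\n"
          + _packed + b"\nendstream endobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

An empty result means none of these keys were found in the parts the script can read, not that the file is safe.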

                      #462352
                      Enough!
                      Participant
                        @enough

                        Frances … I take it that "email readers" was intended to be "pdf readers".

                        I didn't realise before that pdf readers ran javascript – you learn something new etc.

                        In fact I don't use the basic reader, I use the full Acrobat Pro instead. Checking just now, it allows turning off javascript (as well as various levels of javascript security). Don't know if the basic reader allows the same.

                        I've turned it off for now. Remains to be seen whether it's workable without. Maybe it'll stop those spinning images in the pdfs of Hammond boxes.

                        #462356
                        Frances IoM
                        Participant
                          @francesiom58905

                          Bandersnatch – no I meant email readers – crazy I know like offering the key to your front door to anyone who posts you a letter but people like the fancy formatting that comes from using a web ‘browser’ interface to read mail – same is true of pdf readers – there are some pdf programs that run on Windoze that don’t allow such tricks (used one for years on Win98).

                          #462359
                          Michael Gilligan
                          Participant
                            @michaelgilligan61133

                            This is all slightly surreal … I remember [decades ago] being required to submit contractual documents in PDF format: Because it was “impossible to edit after publication”

                            Such is ‘progress’

                            MichaelG.

                            #462361
                            Neil Wyatt
                            Moderator
                              @neilwyatt
                              Posted by Michael Gilligan on 04/04/2020 19:13:15:

                              This is all slightly surreal … I remember [decades ago] being required to submit contractual documents in PDF format: Because it was “impossible to edit after publication”

                              Such is ‘progress’

                              MichaelG.

                              It still applies, I sometimes get PDFs produced to a 'security standard' that warn me they will no longer comply, even if I only want to enable commenting.

                              Neil
