Two new attacks break PDF certification
2021-05-25
(Press-News.org) A security issue in the certification signatures of PDF documents has been discovered by researchers at Ruhr-Universität Bochum. This special form of signed PDF files can be used, for instance, to conclude contracts. Unlike a normal PDF signature, the certification signature permits certain changes to be made in the document after it has actually been signed. This is necessary to allow the second contractual party to also sign the document. The team from the Horst Görtz Institute for IT Security in Bochum showed that the second contractual party can also change the contract text unnoticed when they add their digital signature, without this invalidating the certification. The researchers additionally discovered a weakness in Adobe products that enables attackers to implant malicious code into the documents.
Simon Rohlmann, Dr. Vladislav Mladenov, Dr. Christian Mainka and Professor Jörg Schwenk from the Chair for Network and Data Security are presenting the results at the 42nd IEEE Symposium on Security and Privacy, which is taking place as an online conference from 24 to 27 May 2021. The team has also published the results on the website https://pdf-insecurity.org.
24 out of 26 applications affected
When using certification signatures, the party who issues the document and signs it first can determine which changes the other party can then make. For instance, it is possible to add comments, insert text into special fields, or add a second digital signature at the bottom of the document. The Bochum group circumvented the integrity of the protected PDF documents with two new attacks - called Sneaky Signature Attack (SSA) and Evil Annotation Attack (EAA). The researchers were thus able to display fake content in the document instead of the certified content, without this rendering the certification invalid or triggering a warning from the PDF applications.
The IT security experts tested 26 PDF applications, in 24 of which they were able to break the certification with at least one of the attacks. In eleven of the applications, the specifications for PDF certifications were also implemented incorrectly. The detailed results have been published online.
Malicious code can be implanted into Adobe documents
In addition to the security loopholes described above, the team from the Horst Görtz Institute also discovered a weakness specifically in Adobe products. Certified Adobe documents can execute JavaScript code, such as accessing URLs to verify the identity of a user. The researchers showed that attackers could use this mechanism to implant malicious code into a certified document. This makes it possible, for instance, for a user's privacy to be exposed by sending his IP address and information about the PDF applications used to an attacker when the document is opened.
INFORMATION:
[Attachments] See images for this press release:
ELSE PRESS RELEASES FROM THIS DATE:
2021-05-25
Press release - Abstract 481: Effects of testosterone therapy on morphology and grade of NAFLD in obese men with functional hypogonadism and type 2 diabetes
According to a new study, testosterone therapy may reduce non-alcoholic fatty liver disease in obese men with functional hypogonadism and type-2 diabetes.
Testosterone therapy may help obese men with functional hypogonadism and type-2 diabetes reduce the prevalence of non-alcoholic fatty liver disease (NAFLD), according to a study being presented at the 23rd?European Congress of Endocrinology ...
2021-05-25
Newly published papers further elucidate the mechanisms underlying pridopidine's neuroprotective properties through activation of the Sigma-1 Receptor (S1R).
Pridopidine enhances mitochondrial function and reduces mHTT-induced ER stress, which are impaired in HD, mediated by the S1R.
Three new peer-reviewed publications highlight pridopidine's therapeutic potential and provide data supporting the role of the S1R in neurodegenerative diseases
Prilenia Therapeutics B.V., a clinical stage biotech company focused on developing novel treatments for neurodegenerative and neurodevelopmental disorders, ...
2021-05-25
COLUMBUS, Ohio - A comprehensive analysis of 437 studies from around the world provides the best evidence to date that narcissism is an important risk factor for both aggression and violence, researchers said.
The link between narcissism and aggression was found for all dimensions of narcissism and for a variety of types of aggression. Results were similar regardless of gender, age, whether they were college students, or country of residence.
And, to have an impact, narcissism doesn't have to be at levels so high as to be pathological. Findings showed ...
2021-05-25
Two articles published online today by Alzheimer's & Dementia: Translational Research & Clinical Interventions, a journal of the Alzheimer's Association, show substantial changes in the focus and funding of clinical trials for Alzheimer's disease therapies. The newly published articles throw a greater spotlight on a decision -- now before the U.S. Food and Drug Administration (FDA) -- that would potentially bring a new drug therapy to Alzheimer's patients for the first time in nearly 20 years.
Researchers analyzed clinicaltrials.gov, the U.S. National Library of Medicine's database, and five years of annual Alzheimer's pipeline reviews published by UNLV School of Integrated Health Sciences research professor Jeffrey L. Cummings ...
2021-05-25
Researchers at the Vienna BioCenter designed a testing protocol for SARS-CoV-2 that can process tens of thousands of samples in less than 48 hours. The method, called SARSeq, is published in the journal Nature Communications and could be adapted to many more pathogens.
The COVID-19 pandemic has lasted more than a year and continues to impact our lives tremendously. Although some countries have launched speedy vaccination campaigns, many still await large-scale immunization schemes and effective antiviral therapies - before that happens, the world urgently needs to regain a semblance ...
2021-05-25
While we sleep, the brain produces particular activation patterns. When two of these patterns - slow oscillations and sleep spindles - gear into each other, previous experiences are reactivated. The stronger the reactivation, the clearer will be our recall of past events, a new study reveals.
Scientists have long known that slow oscillations (SOs) and sleep spindles - sudden half-second to two-second bursts of oscillatory brain activity - play an important role in the formation and retention of new memories.
But experts in the UK and Germany have discovered that the precise combination of SOs and sleep spindles is vital for opening windows during which ...
2021-05-25
As devices continue to be built on an increasingly small scale, scientists are looking toward developing ways to engineer materials at the atomic level. In a breakthrough that will contribute to this, published in Nature Communications, researchers from the RIKEN Cluster for Pioneering Research and RIKEN Center for Advanced Photonics, along with collaborators, have developed a way to use a "dry transfer technique"--a technique that uses no solvent--to position optical quality carbon nanotubes in a precise way.
Carbon nanotubes are a promising type of materials with potential uses in applications such as light-emitting diodes, ...
2021-05-25
HOUSTON - (May 25, 2021) - Sometimes things are a little out of whack, and it turns out to be exactly what you need.
That was the case when orthoferrite crystals turned up at a Rice University laboratory slightly misaligned. Those crystals inadvertently became the basis of a discovery that should resonate with researchers studying spintronics-based quantum technology.
Rice physicist Junichiro Kono, alumnus Takuma Makihara and their collaborators found an orthoferrite material, in this case yttrium iron oxide, placed in a high magnetic field showed uniquely tunable, ultrastrong interactions between magnons in the crystal.
Orthoferrites ...
2021-05-25
PULLMAN, Wash. - Before the huge potential of tiny nanocarriers for highly targeted drug delivery and environmental clean-up can be realized, scientists first need to be able to see them.
Currently researchers have to rely on attaching fluorescent dyes or heavy metals to label parts of organic nanocarrier structures for investigation, often changing them in the process. A new technique using chemically-sensitive "soft" X-rays offers a simpler, non-disruptive way of gaining insight into this nano-world.
In a study published by Nature Communications, a research team demonstrates the capability of the X-ray method on a smart drug delivery nanoparticle and a polysoap nanostructure intended to capture crude oil spilled in the ocean.
"We have developed a ...
2021-05-25
Ancient Judeans commonly ate non-kosher fish surrounding the time that such food was prohibited in the Bible, suggests a study published in the peer-reviewed journal Tel Aviv.
This finding sheds new light on the origin of Old Testament dietary laws that are still observed by many Jews today. Among these rules is a ban on eating any species of fish which lacks scales or fins.
The study reports an analysis of ancient fish bones from 30 archaeological sites in Israel and Sinai which date to the more than 2,000-year span from the Late Bronze Age (1550-1130 ...
LAST 30 PRESS RELEASES:
[Press-News.org] Two new attacks break PDF certification