Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] bzw. [1] FYI
"How to break PDF Signatures"
--> If you open a PDF document and your viewer displays a panel (like you see below) indicating that
the document is signed by [email protected] and the document has not been modified since the signature was applied You assume that the displayed content is precisely what [email protected] has created.
During recent research, we found out that this is not the case for almost all PDF Desktop Viewers and most Online Validation Services.
==> Nutze ich einen aktuell verwundbaren Desktop Client ja/nein - siehe [2]
VG
Bernd
[0] https://www.pdf-insecurity.org/
[1] https://www.pdf-insecurity.org/signature/signature.html
[2] https://www.pdf-insecurity.org/signature/viewer.html
rwth-security@lists.rwth-aachen.de