Re: Tracking links in data*** PDFs



> Can you see their URL or IP (? 65.17.226.156 ?) if you open the
> document in a text editor? Can you point to a sample document? I'd
> like to block whatever they are using right at the entry firewall.

You can get a copy of the document in question by googling for 0201cs.
It is the first match. In order to get a copy of this data***, the
company asks you for your email address so they can put a serial number
that is tied to you in their tracking database. They then email an
identifiable copy to you. I have written to the company in question
informing them that this is not good practice. It is actually a gaping
_security hole_.

Imagine what could happen if remoteapproach.com went out of business or
changed their internet address some time in the future. Then, a nasty
individual could register that domain and set up a buffer overflow
response to the Acrobat reader. The security of that company is
breached. The attacker now has unlimited access to the computer that
opened up the PDF file. There is now a wide open tunnel between the
attacker's computer and the company's internal network. Because the
engineer opened the PDF file, the Acrobat reader instantiated the
outbound IP connection to the rogue host. This removes the protection
that the company firewall provides to its internal LAN. All further
traffic is then sent through an encrypted SSH tunnel using the very
port that was initiated by the reader.

Of course, this is hypothetical. If you believe that Acrobat reader
and the underlying Windows support libraries are 100% secure, and will
never ever suffer from security holes, then there's nothing to worry
about.

-Chris

--
/> Christopher Cole <\ <\
<< Cole Design and Development \\ email: cole@xxxxxxxxxx \\
\\ Computer Networking & Embedded Electronics \\ web: http://coledd.com >>
\> \> </
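
An added example, not part of the original message: a static check for the question quoted at the top, listing the http(s) hosts a PDF references, including those inside Flate-compressed streams, so they can be reviewed or blocked at the firewall. The sample bytes and the hosts tracker.example and beacon.example are constructed, and streams that are encrypted or use other filters are not inspected.

```python
import re
import zlib
from urllib.parse import urlparse

# http(s) URLs as they appear in PDF literal strings or embedded JavaScript.
# Parentheses and quotes are excluded so a match stops at the string delimiter.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'*+,;=%-]+")
# Raw body of each stream object; the lookbehind skips the "endstream" keyword.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def inflate_streams(pdf_bytes):
    """Yield decompressed bodies of Flate-compressed streams, skipping others."""
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a trailing byte lost to the regex boundary
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate, or encrypted: cannot be inspected statically


def outbound_hosts(pdf_bytes):
    """Return the sorted hostnames the document references over http(s)."""
    hosts = set()
    for chunk in [pdf_bytes, *inflate_streams(pdf_bytes)]:
        for url in URL_RE.findall(chunk):
            host = urlparse(url.decode("ascii", "replace")).hostname
            if host:
                hosts.add(host.lower())
    return sorted(hosts)


def build_sample():
    """Constructed PDF fragment: one plain /URI action, one compressed script."""
    js = b'this.submitForm("http://beacon.example/hit?id=SERIAL-0001");'
    packed = zlib.compress(js)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Action /S /URI "
            b"/URI (http://tracker.example/open?doc=1) >> endobj\n"
            b"2 0 obj << /Length " + str(len(packed)).encode() +
            b" /Filter /FlateDecode >>\nstream\n" + packed +
            b"\nendstream endobj\n%%EOF\n")


if __name__ == "__main__":
    for host in outbound_hosts(build_sample()):
        print(host)
```

The second host is only visible after inflating the stream, which is why opening the file in a text editor can miss it.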