Saturday, June 16, 2001

yo...yo invasion, wha? this is an invasion.
an in...from where? planet detroit...oh.

posted by john , 6:09 AM Þ 
Wednesday, June 13, 2001

nookler combat toe to toe with the rooskies

if water gets cold enough it will for all intensive purposes
become dry.

posted by john , 9:27 PM Þ 
Tuesday, June 12, 2001

Today, I was playing around with the tools in Acrobat 5, and a PDF entitled "a digital video primer" published by Adobe. I found that this file is LOCKED and ENCRYPTED, so that you cannot copy text, cannot extract pictures, cannot add notes or edit the document in any way.

Red rag to a bull.

From previous experience, I knew that you can print a restricted PDF to file and then distill it into a new PDF, preserving the file intact, but stripping all of the security. I tried this attack first, with Distiller 3, Distiller 4, Distiller 5 and the "Distiller", "PDFwrite" that comes with Ghostscript. All of them failed with the error that the file was encrypted, and that distilling an encrypted .ps file from a secure PDF was "not allowed". The Adobe Distillers go through the entire process of distilling the file, including counting the pages as they are processed. It is only at the end that you get the following warning:

%%[ ProductName: Distiller ]%%
This PostScript file was created from an encrypted PDF file.
Redistilling encrypted PDF is not permitted.
%%[ Flushing: rest of job (to end-of-file) will be ignored ]%%
%%[ Warning: PostScript error. No PDF file produced. ] %%

Using PDFwrite, the same thing happened when trying to distill a .ps file created by Acrobat 5 printing to file; everything was processed as if the PDF was going to be written, and then only at the end you get a similarly formatted error log.

I suspect that somewhere there is a cleartext PDF in a /temp directory that could be intercepted...hmmmmm

The next possible attack was opening the PDF file in Illustrator 9; it failed, asking for a password to open the file. Opening in Photoshop 6.1 also failed. Printing the file "to file" with a Linotronic 330 printer driver produced a .ps file which refused to distill on all distillers with the same security warning. The .ps file could however be opened and viewed in Ghostscript. Saving the file to EPS in Ghostscript produced an EPS that displayed a single blank page in Illustrator 9 and Photoshop 6.1.

Opening the original file in GSview, the front end for Ghostscript, produced an error, since the file was encrypted; there is a patch that needs to be installed so that you can use GSview/Ghostscript to open encrypted PDFs. The patch worked, and the encrypted file opened.

I was then able to export the encrypted file to a PDF.

This stripped all of the security from the PDF, allowing full access to the complete contents of the file, and full editing functionality. The stripped file is identical to the original file in every way, save that the encryption has been defeated. No need to brute force passwords, no need to print and re-capture (capturing inside Acrobat Capture was also a disallowed function btw).

"Trying to secure bits is like trying to make water not wet". This is true, and it is true of the PDF format. Because it is designed for printing there will always be a point in the document stream where you can capture the raw data, and then reconstruct the exact document, minus the security. This is quite different to the "encrypted channel to speakers / monitor" systems that are being designed now, because PDFs need to be printable to paper, which is always a clear text end product, rendering all attempts to "secure" PDFs moot.

Adobe will have to add security into Postscript itself, so that the attacker has to chase the cleartext right down to the laser in the printer. This will make it hard, but not impossible, to intercept cleartext in the printing chain.

Amazingly, Governments have released sensitive documents to the public, with PostScript rendered black rectangle elements to obscure the names of their informers / collaborators / spies. Anyone can strip the security from these files, remove the rectangles and read the information. This has already happened. What's interesting is that Adobe is still putting these options into Acrobat, as if they will be any good at stopping people from editing / viewing hidden elements in PDFs. It's probably enough to stop the ordinary user, but when sensitive or valuable information normally ends up being replicated, it's a sure thing that any sensitive info passed around in PDFs will be open to widespread reading thanks to these simple strip attacks.

Maybe Adobe can call its new version of Postscript "Postcrypt"!
posted by Irdial , 9:50 PM Þ 
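
An added example, not part of the original post: a pre-release check for the redaction failure described above, where a name is painted over with a black rectangle but its text object is still in the page. It assumes an uncompressed content stream using only the `Td`, `Tj`, `rg`/`g`, `re` and `f` operators and tests only each text run's origin point; the sample stream and the function name `find_covered_text` are constructed for illustration.

```python
import re

# Constructed sample: an uncompressed page content stream in which a name is
# drawn as text and then "redacted" by painting a black rectangle over it.
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Report prepared for the committee.) Tj ET
BT /F1 12 Tf 72 680 Td (Source: ) Tj ET
BT /F1 12 Tf 120 680 Td (J. Example) Tj ET
0 0 0 rg
118 676 80 14 re f
"""

# A literal string (no nested parentheses) or any other whitespace-delimited token.
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|[^\s()]+")

def find_covered_text(stream: bytes):
    """Return (text, rect) for each text run whose origin lies in a black filled rectangle."""
    operands, texts, rects = [], [], []
    fill, pos, pending = (0.0, 0.0, 0.0), (0.0, 0.0), None  # PDF default fill is black
    for raw in TOKEN.findall(stream):
        tok = raw.decode("latin-1")
        if tok[0] in "(/":                      # string or name operand
            operands.append(tok[1:-1] if tok[0] == "(" else tok)
            continue
        try:
            operands.append(float(tok))         # numeric operand
            continue
        except ValueError:
            pass                                # otherwise tok is an operator
        if tok == "BT":
            pos = (0.0, 0.0)                    # text object starts at the origin
        elif tok == "Td" and len(operands) >= 2:
            pos = (pos[0] + operands[-2], pos[1] + operands[-1])
        elif tok == "Tj" and operands:
            texts.append((operands[-1], pos))
        elif tok == "rg" and len(operands) >= 3:
            fill = tuple(operands[-3:])
        elif tok == "g" and operands:
            fill = (operands[-1],) * 3
        elif tok == "re" and len(operands) >= 4:
            pending = tuple(operands[-4:])      # x, y, width, height
        elif tok in ("f", "F", "f*") and pending:
            if fill == (0.0, 0.0, 0.0):
                rects.append(pending)
            pending = None
        operands.clear()
    return [(t, r) for t, (tx, ty) in texts for r in rects
            if r[0] <= tx <= r[0] + r[2] and r[1] <= ty <= r[1] + r[3]]

if __name__ == "__main__":
    for text, rect in find_covered_text(SAMPLE_STREAM):
        print(f"text still present under rectangle {rect}: {len(text)} characters")
```

A non-empty result means the redaction only hides the text visually; the text object itself has to be deleted from the page before the file is released.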

i wouldn't think that it is static... but then i am staying on for like 17 hours at a time, so it may as well be...

yeah at the moment we are running through IPNetRouter which is kind of like a proxy I guess... It's basically letting the rest of my house use the modem connected to my computer... Unlike most proxies I've used though (WebDoubler, WinGate, WinProxy, etc) it doesn't let you monitor all the activity passing through, so i can't spy on my flatmate's filthy habits!! Along with IPNetRouter I got IPNetSentry which has a firewall in it, so it should be OK... The software blocks / filters suspicious IPs based on the type of activity and it's all configurable... I quite like it...

Freedom looks cool, but it's x86 only, and I am a Mac user.. bwah ha ha...

or something.. yeah...
posted by alex_tea , 9:29 PM Þ 

The mantra is, that if you have a static IP and a fat pipe, you need to get your boxen behind a firewall.

ummmm let me guess, Effnet IRC? Effnet is a VERY aggressive place, so watch out....I've had my machine (windoze) remotely rebooted for me [several times] whilst chatting on IRC....

you might want to pull everything through a proxy server, or even better, do it all through Freedom

being fast is fun!
posted by Irdial , 8:05 PM Þ 

hey i just found out the answer to my question...

*** Notice -- This server runs an open proxy/wingate detection monitor.
*** Notice -- If you see a port 1080 or port 23 connection from
*** Notice -- please disregard it, as it is the detector in action.
*** Notice -- For more information please see http: //

posted by alex_tea , 8:03 PM Þ 

i have a mac. i use IPNetMonitor... and IPNetRouter and IPNetSentry... but i have been getting security alerts recently... from an IP address which I have resolved as which is an IRC server...

basically the alert says they are trying to telnet on port 23 and it adds a filter to block them..

my flat mate was messing around with IRC the other day and he doesn't know what it is so i guess it's his fault! hahahaha! no, not really, but i was wondering what kind of threat this could be to my system... I guess they're just trying to get at my files...

how can i find out who is though? give them a taste of their own medicine?!
posted by alex_tea , 7:23 PM Þ 

tcp/ip sucks eggs!!!!!!!!!!!
(for fun with tcp/ip go and get a
scanner. but don't do a bank or
the police et al.)

Know the Facts.

1. Rabbits are not "low-maintenance" pets, and are a
poor choice as a pet for children.
2. They have a lifespan of 10 years and require as much
work as a dog or cat.
3. Your home must be bunny-proofed, or Thumper will chew
electrical cords and furniture. SPARK!!!!!!!!!!!!!!!!!!
4. Rabbits must be spayed or neutered or they will mark your
house with feces/poopie and urine.
5. They should live indoors, as members of the family. To consign
these sensitive, intelligent, social animals to life in a hutch is to
miss the joy of sharing your life with a rabbit. yeah, sucka.

Clearly, rabbits aren't for everyone.
posted by john , 12:53 AM Þ 
Monday, June 11, 2001

do you think we could save the world with tcp/ip. the most exciting thing i've done with tcp/ip is a trace route...
posted by alex_tea , 6:30 PM Þ 
posted by captain davros , 9:28 AM Þ 
Sunday, June 10, 2001
posted by Irdial , 10:58 AM Þ 

Open Content 1995-2005 Irdialani Limited. All Rights Relinquished where applicable.