Life in the front line

Martin Bailey at 11:19 GMT on 1 June 2009

I have very mixed feelings when I see recommendations like this one from RIM: “Prevent the BlackBerry Attachment Service from processing PDF files in a BlackBerry Enterprise Server environment” (link). Does this, and similar recommendations on other platforms, including mainstream desktop operating systems, mean that PDF has failed as a preferred document distribution format?

No, of course it doesn’t. It shows that PDF is ubiquitous and important enough that the bad guys see it as worthwhile to target. If nobody was using PDF they wouldn’t bother because they couldn’t gain any advantage from doing so.

And for PDF vendors? We’re in the front line now; we have to code well and avoid all those buffer overflow issues and other vulnerabilities so that PDF usage can continue to grow and be successful.

Uncategorized      2 Comments

2 Comments

Add your comment

  1. Michael Jahn
    1 June 2009 14:45 GMT

    Well said ! I am working on a project that enables hospitals, medical centers, clinics and physicians to exchange “PDF Healthcare” file that contain critical patient data. PDF is widely accepted and wildly popular, so it is a bit silly to think that it can be ‘ignored’ in such a manner. Yes, PDF files can contain JavaScript – workflows need to be tuned, and levels of permissions may need to be implemented. These are some of the ‘best practices’ we discuss on the AIIM “PDF Healthcare’ committee.

  2. Charles Bernard
    1 July 2010 19:00 GMT

    I like the fact that you are beginning to write about vulnerabilities.

    I formerly used Acrobat Reader, but they are in a constant battle to plug security holes.

    Alarms from my Secunia PSI updater kept going off even after I had updated Adobe. It turns out that Adobe’s updates were not removing the old version vulnerable dll file(s), thereby setting off my alarm.

    I got tired of this and left Adobe to find an alternative.

    I am using the trial version of gDoc Fusion and like it.

    But what worries me is that I am not seeing security updates from Global Graphics at all.

    It is hard for me to imagine that there are no vulnerabilities in Fusion.

    Please advise.
    Charles Bernard

Post a comment