1 Correct answer
Changing the "Application" and "PDF Producer" entries in the document properties is trivial, just open Acrobat's console and change the variables:
this.info.Producer = "Something better than Word"
this.info.Creator = "Definitely not Acrobat 1.0"
You can read and "write" the last-modified date via this.info.ModDate but it's pointless to do so, it is always overwritten with the system timestamp on save. The operating system provides that value, so of course if your system clock is wrong...
8
Replies
- You're talking garbage.
Thank you Dave!
I''ll take that as a very kind compliment coming from a well-respected Adobe MVP alpha-male who seems to be suffering from Narcissistic personality disorder.
But who am I to judge your online personality like that, right? Maybe I'm projecting myself too hard, besides I'm no shrink.
But I can say this: it takes one to know one! And who knows... maybe we might've even cross paths in a past life!
Anyway, your very kind compliment just showed me how far ahead in the game I am.
- Incorrect XMP has ZERO, repeat ZERO security risk, it cannot ever include executable code and no self-respecting anti-virus or firewall software would even bother to look at it.
Again, did you just said that???? specially the part that says "no self-respecting anti-virus or firewall software would even bother to look at it."
See the slide below. Maybe handing to you my narcissistic mirror can help pull out the veil in front of you and actually aid you to see the same reflection that I'm looking into:
- I have no idea why you're ranting on about javascript and government reports, it's utterly irrelevant to the question, which was perfectly legitimate.
Ranting ? Another nice compliment!
But if you think that was a rant is because a few weeks ago Thom Parker called me out in another thread and said that what I posted was very innapropriate.
Another user was having difficulties executing a bacth script with BVScript and figuring out how to execute it with Adobe JavaScript inside of a PDF.
I said that maybe what he was trying to do is possible with a metasploit.
I ask the user if he ever followed a blog (that I follow) from a Microroft MVP who is also a well known PDF security analyst who has developed software tools that allows a user to analyze a PDF and be able to embed an executable file with a sepcific code inside of a PDF.
I didn't even posted the URL, I just mentioned that person's name and the title of the article in that blog where the tools and methods are explained in detail.
Thom said that that is exaclty what we're trying to avoid (referring to the Adobe's developer community as a whole).
He added, that I was encouraging users to develop malicious code and things like this is what gets you banned from the forums.
So even though my contribution in that thread was not aimed at encouraging users to develop malicious code, I reported myself to the moderators and ask to delete that thread. It was deleted immediately.
- Or maybe you think that merely adding a fake author name turns everything into a virus? In which case show a birth certificate for "ls_rbls".
I assume my post earlier didn't came out right. But look at the slide that I posted above again, please do.
The fact that you actually asked if I think that adding a fake author turns everything into a virus really shows another great compliment. Thank you Dave!
Since now you brought to the forum's attention about XMP (NOT ME!) you should defiinitely look in how XMP IDs and XMP Pivots are used in malware campaigns precisely because of low anti-virus detection rates.
If belittling my input in cybersecurity awareness was your intention, I have to say that you have a lot of work to do in that area. You're not as good as I am when it comes to hurrting other people's feelings with online sarcasm yet.
Look in https://labs.inquest.net and see for yourself (not because I'm saying it) but really read as hard as I have and see for yourself the "garbage" techniques that are used nowadays to discover malware campaigns with reversed malware analysis using XMP.
But overall, perhaps we should take a tour back in computer history and look at how the guy who discovered the Y2K Bug was neglected by the Pentagon back in the 70"s as he was trying to raise security and privacy awareness about that other (and still overlooked) issue.
Your last reply still doesn't answer the user's "legitimate" question.
If you prefer I can post here all the "garbage" links that I spent months in researching which contain the necessary methods and tools for the user to be able to right-click on a faked PDF and have the Windows shell environment fooled in order to display faked file properties.
It is actually the same security analyst that Thom Parker called me out for when I mentioned about it.
That security analyst has already exploited that PDF bug and this question has been answered outside of the Adobe forums.
Maybe I should've said that in my first thread and all this, now a very pointless conversation, wouldn't even take place to begin with.
AdChoices