On Friday 11 January 2008 03:12:46 Philippe Landau wrote: > Anders Johansson wrote: > > On Friday 11 January 2008 02:25:57 Don Raboud wrote: > >> Among the options one can set in Acrobat reader is to specify a proxy > >> which I usually set to 127.0.0.1 to avoid things like this. (I am not > >> paranoid, just don't like the very idea.) Of course, being closed > >> source one has no idea if acrobat reader honors these settings or not. > > > > Sure one has. Just use wireshark to see what it does. It can't bypass > > that. No need to sit around guessing, or tell scary stories > > > > I have a hunch lots of people already have done that though, and if it > > did bad things, we would have heard about it by now, a lot louder than > > vague rumours on mailing lists > > No need to insult if you follow the provided link there (see below) > or do some online research on your own confirming what is > now known since over two years.
By the way, I just discovered that since late 2005, Adobe actually disabled this feature (the feature in question was that acroread let javascript silently download URLs in the background without telling the user- that was how the notification worked) If a PDF today tries to access a URL, acroread will tell the user about it and give him a chance to prevent it. I guess they responded to the articles - and I guess that's why all the articles about this are over two years old (not counting all the blogs that only quote those old articles) So I think this problem is gone from acroread, but again: to make sure, use wireshark to determine what the program actually does on the network And if anyone does discover something happening that should be happening, file a security bug about it. These things are taken seriously Anders -- Madness takes its toll -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
