61
submitted 1 year ago* (last edited 1 year ago) by Penguincoder@beehaw.org to c/technology@beehaw.org

Literally one of the worst formats I deal with daily, from a security standpoint are PDFs. Very useful and predictable for the end user; yes, but very dangerous for the capabilities it allows.

Dangerzone works like this: You give it a document that you don't know if you can trust (for example, an email attachment). Inside of a sandbox, Dangerzone converts the document to a PDF (if it isn't already one), and then converts the PDF into raw pixel data: a huge list of RGB color values for each page. Then, in a separate sandbox, Dangerzone takes this pixel data and converts it back into a PDF.

top 8 comments
sorted by: hot top controversial new old
[-] fearout@kbin.social 16 points 1 year ago* (last edited 1 year ago)

So it basically rasterizes it? I wonder how it affects file size

[-] klangcola@reddthat.com 11 points 1 year ago

No mention of OCR? Copy-pasting links or data will be a joy..

[-] gromnar@beehaw.org 3 points 1 year ago

There is an optional Ocr pass, from what I understand

[-] ASK_ME_ABOUT_LOOM@beehaw.org 8 points 1 year ago

Oh, I think you already know.

[-] Penguincoder@beehaw.org 2 points 1 year ago

Yeah, definitely increases the size and removes some functionality that others may rely on. But for presentation of content which is what a PDF SHOULD BE, then it has typically worked fine. I've been using pandoc and some home grown scripts to do this sort of thing for a while.

[-] Blackbird@infosec.pub 5 points 1 year ago

Cool concept.

[-] GhostMagician@beehaw.org 5 points 1 year ago

This is looking like it'll be a valuable tool I'll use frequently.

[-] EastEndLatte@beehaw.org 2 points 1 year ago

I don’t know the pdf format very well, is it possible to just drop a few commands that make it vulnerable?

load more comments
view more: next ›
this post was submitted on 15 Jul 2023
61 points (100.0% liked)

Technology

37702 readers
81 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS