Le lundi 28 novembre 2016, 10:28:03 CET Paul Kosinski a écrit :
> Of course, if anybody is able to find out what the magic filename is,
> they could mount a targeted attack.
Of course, but thanks for the warning.
> How are the PDFs generated? Would it be possible to attach a
> cryptographic signa
Le lundi 28 novembre 2016, 14:28:11 CET Steve Basford a écrit :
> I guess this *might* be an option.
Thanks for your reply and this idea.
> 1. Find something common in your pdf you want to "whitelist", say "Your
> company name or department", convert this to hex.
Let's say "My Safe PDF" → "4d79
Of course, if anybody is able to find out what the magic filename is,
they could mount a targeted attack.
How are the PDFs generated? Would it be possible to attach a
cryptographic signature to asset to their validity? (That would
probably require an additional step on receipt as well as transmiss
On Mon, November 28, 2016 1:56 pm, Mathieu D. wrote:
> Hello,
>
>
> Is there any way to whitelist a file based on it's signature *and* it's
> filename?
>
Not that I know of...
I guess this *might* be an option.
1. Find something common in your pdf you want to "whitelist", say "Your
company name
Hello,
Is there any way to whitelist a file based on it's signature *and* it's
filename?
My case is about a legit PDF file embedding JavaScript sent by users by email.
Its signature is "PUA.Script.PDF.EmbeddedJavaScript", but its MD5 hash is
always different (probably because users are saving