|
En wannan kyakkyawan matsayi wannan ya fito yau a Bayanin Bayani, an ruwaito daya daga cikin hadari na karshe da kuma hadari na PDFs, yana mai gaskata abin da muka gabatar dashi sakon mu na jiya. Na ci gaba da halin kirki na labarin: mafi kyau yi amfani da tsari kyauta na DJVU; ya fi aminci kuma yana ƙirƙirar ƙarami, ingantattun fayiloli… kawai ba zai sami tallafi daga "ƙato" kamar Adobe ba. |
A 'yan kwanakin nan za a zagaye duniya aikin da Didier Stevens yayi don aiwatar da binaries daga takaddar PDF. Dabarar, idan ana amfani da ita Adobe Acrobat Reader, yana nuna sakon da zai iya zama, kamar yadda shi da kansa ya fada, an sassaka shi sashi. A cikin Rariyaakasin haka, ba a nuna saƙo ba kuma ana aiwatar da umarni ba tare da faɗakarwa ba.
Wannan dabarar mai sauki ce, madaidaiciya, sabili da haka tana da matukar hatsari, idan muka yi la'akari da cewa tsarin PDF shine wanda aka fi so da masu amfani da shi a shekarar da ta gabata, wanda ya kai matuka matuka.
Ganin wannan, Na tuna cewa a cikin labarai da yawa akan Intanet, lokacin da suke magana game da yadda ake amfani da rauni a cikin PDF suna faɗar abubuwa kamar haka "Gano samfurin Acrobat da suke amfani da shi, tare da FOCA, misali" sannan gina riba. Talakawan FOCA sun makale a cikin waɗancan tsarukan.
Wani abu makamancin wannan shine demo ɗin da muka shirya don Ranar Tsaro, wanda muke amfani da rashin ƙarfi a Acrobat Reader (gami da sigar 9) don samun Shell mai nisa akan kwamfutar mai rauni. An yi amfani da yanayin rauni CVE-2009-0927 kuma aikinta yana ba da damar aiwatar da kowane umarni. Idan software tana da rauni, zaku sami saƙo kamar wanda aka gani a hoto mai zuwa:
Kuma amfani da muke amfani dashi yana tura Shell zuwa IP da tashar jirgin ruwa wanda muka saita gidan yanar gizo don saurare.
Tabbas, a cikin injin da aka yi amfani da shi, aikin Acrobat Reader yana gudana, yana bin umarnin Shell.
Ganin haɗarin amfani da PDF, sai na yanke shawarar loda shi zuwa VirusTotal, don ganin yadda injunan riga-kafi ke yin aiki da waɗannan abubuwan a cikin takardun pdf. Yana da mahimmanci musamman la'akari da halayensa idan muna magana ne game da injin da aka yi amfani da shi a cikin manajan imel ko a cikin wurin ajiye takardu, tunda yana cikin waɗancan yankuna ne inda mafi yawan takaddun pdf ke motsawa. Sakamakon, tare da wannan amfani na musamman, bai kasance mara kyau ba, amma abin mamaki shine har yanzu akwai adadi mai yawa na injuna waɗanda ba su gano shi ba, amma ƙimar ba ta kai kashi 50% ba kuma, wasu daga cikinsu, kamar Caspersky, McAffe ko Fortinet.
A matsayin sha'awa, ya zama a gare ni in yi amfani da fakiti na fayil don samar da zartarwa, kwatankwacin ƙaunataccenmu redbinder na Thor, amma tare da ƙananan ayyukan da ake kira Jiji kuma akwai gani a cikin Cyberhades, don ganin abin da injunan antimalware suka yi lokacin da muka sanya pdf amfani a cikin kunshin tare da ƙarin exe.
Wannan sabon zartarwa, lokacin da ake gudanar dashi, yana ƙaddamar da daftarin aiki tare da amfani da pdf. Sauran abubuwan da suka fado min a rai sune: A) sun kwance shi kuma mutane daga gabanin gano shi kuma B) Suna zuwa kai tsaye don gano abin da ke ciki kuma su sanya hannu a kan mai daukar hoton.Ko da yake, sakamakon ya kasance abin mamaki.
Kashi 2 cikin 42 ne kawai suka gano shi, 1 a matsayin mai tuhuma kuma VirusBuster ne kawai ya san tsarin, kuma ya dauki matsala, don kwance abun cikin don sikanta shi.
Bayan ganin wannan, a ganina daidai ne cewa Microsoft da Adobe suna la'akari da sabunta software ta hanyar Windows Update kuma Microsoft yana buɗe dandalin Sabunta Sabunta Windows don haɗa sauran mafita kamar wakilin Windows Update Secunia CSI, wanda ke aiki tare da Manajan Gudanarwar Cibiyar Cibiyar da WSUS.
Saurare ni da kyau yi amfani da tsari kyauta na DJVU- ya fi tsaro kuma yana ƙirƙirar ƙananan, fayiloli masu inganci.
Source: Bayanin Bayani
bayani: pdf shima tsari ne na kyauta.
kuma zai zama da muhimmanci a ga laifin waye, idan tsari (PDF) ko shirye-shiryen (Acrobat Reader, Foxit, da sauransu) saboda tsarin yana iya zama mai kyau, amma shirin da yake aiwatar da shi ya munana sosai, kuma wannan ba Yana nufin cewa babu kyawawan shirye-shirye wanda wannan bai faru dasu ba (dukkansu suna amfani da Acrobat ko Foxit, amma a cikin Linux muna da ƙarin zaɓuɓɓuka da yawa, waɗannan zasu zama masu rauni?)
Ban taɓa gwada djvu ba, yanzu na ɗan duba don ganin menene, kuma yana da ƙaramin abin da bana so a cikin wannan ƙaramin lokacin da na dube shi, ba za ku iya kwafin rubutun ba, tunda komai yana hoto. Ba na son shi ta wannan hanyar, galibi nakan kwafi abubuwa daga pdfs ɗin da na karanta.
Ban sani ba ko zan yi amfani da shi da yawa, ina tsammanin na fi son inganta tsarin pdf, wanda shine vector.
gaisuwa
Ya ƙaunataccen Marcos, maganganunku suna kan gaba. PDF tsari ne na mallakar kamfani, amma tun daga 1 ga Yuli, 2008 tsari ne na bude.
Ko ta yaya, gaskiya ne abin da kuka faɗa cewa wani lokacin abokan ciniki / masu karatu suna da alaƙa da shi. Misali bayyananne shine batun da aka ruwaito a wannan post.
Kuma a, Ba na son rashin iya kwafin rubutun .djvu ko dai. Duk da haka, a shafin Wikipedia na Turanci ya ce: «Don haka, maimakon matse harafi« e »a cikin font da aka bayar sau da yawa, sai ta matse harafin« e »sau ɗaya (a matsayin hoto mai matsi) sannan ta rubuta kowane wuri a shafin yana faruwa.
Zabi, ana iya tsara waɗannan siffofin zuwa lambobin ASCII (ko dai da hannu ko kuma ta hanyar tsarin gane rubutu), kuma a adana su cikin fayil din DjVu. Idan wannan taswirar ta wanzu, yana yiwuwa a zaɓi kuma a kwafe rubutu. » Wanda ke nufin cewa zaku iya zaɓar rubutu a cikin djvus.