|
En esi sithuba sibalaseleyo ephume namhlanje Landela uLwazi, obona buthathaka bamva nobobunobungozi kwiiPDF buxeliwe, buqinisekisa oko sikuchazile iposti yethu izolo. Ndiza kukuxelela ukuziphatha kwebali: ngcono sebenzisa ifomati ye-DJVU yasimahla; Ikhuseleke ngakumbi kwaye yenza iifayile ezincinci, ezisemgangathweni ongcono ... ayinayo inkxaso "yesigebenga" esifana ne-Adobe. |
Kule mihla ijikeleza ihlabathi umsebenzi awenzileyo uDidier Stevens ukuqhuba iibhinari kuxwebhu lwePDF. Ubuchule, ukuba busetyenziswa Adobe Acrobat Reader, ibonisa umyalezo onokuthi, njengoko yena ngokwakhe esitsho, uguqulwe ngokuyinxenye. Kwi FoxIt, ngokuchaseneyo, akukho myalezo uboniswayo kwaye imiyalelo inokuphunyezwa ngaphandle kwesilumkiso.
Ubuchwephesha bulula, bulula, kwaye ke, buyingozi kakhulu, nangaphezulu, ukuba sithathela ingqalelo ukuba ifomathi yePDF yayiyeyona nto ithandwayo ngabaxhaphazi kulo nyaka uphelileyo, ifikelela kumanqanaba aphezulu okuxhatshazwa.
Ukubona oku, ndiye ndakhumbula ukuba kumanqaku amaninzi kwi-Intanethi, xa bethetha ngendlela yokusebenzisa ubuthathaka kwiPDF, bathetha izinto ezinje. "khangela inguqulelo yeAcrobat abayisebenzisayo, kunye neFOCA, umzekelo" wandule ukwakha ukuxhaphaza. I-FOCA ehluphekayo ibambelele kwezo zityalo zeqanda ...
Into efana naleyo yayiyidemo esiyilungiselele uSuku loKhuseleko, apho sathatha ithuba lokuba sesichengeni kwi-Acrobat Reader (kubandakanywa noguqulelo 9) ukufumana iShell ekude kwikhompyuter esengozini. Ubuthathaka obuxhatshaziweyo buhlelwa njengo I-CVE-2009-0927 kunye nokusebenza kwayo kuvumela nawuphi na umyalelo ukuba uphunyezwe. Ukuba isoftware isengozini, uya kufumana umyalezo ofana nalowo ubonwe kulo mfanekiso ulandelayo:
Kwaye ukuxhaphaza esikusebenzisileyo kuphinda kuqondise iShell kwi-IP kunye nezibuko apho sibeke i-netcat ukuba imamele.
Kakade ke, kumatshini oxhatshaziweyo inkqubo ye-Acrobat Reader isaqhuba, iphendula kwimiyalelo yakwaShell.
Ukubona ukuba ziyingozi kangakanani na izenzo zePDF, ndaye ndagqiba kwelokuba ndizilayishe kwiVirusTotal ukuze ndibone ukuba ziziphatha njani ii-injini ze-antivirus kwezi zinto zixhaphakileyo kumaxwebhu ePDF. Kubaluleke ngakumbi ukuqwalasela ukuziphatha kwayo ukuba sithetha nge-injini esetyenziswa kumphathi we-imeyile okanye kwindawo yokugcina amaxwebhu, kuba ikuloo mimandla apho amaninzi amaxwebhu e-PDF ahamba khona. Isiphumo, ngolu hlobo lokuxhaphaza, lwalungekho lubi, kodwa kwakumangalisa ukuba kusekho inani elihle leenjini ezingazange zibhaqe, kodwa ipesenti ayifikeleli kwi-50% kwaye, ezinye zazo, zibetha njengeKaspersky, McAffe okanye Fortinet.
Ngomdla wokwazi, kuye kwafika kum ukuba ndisebenzise ipakethe yefayile ukwenza izinto eziphunyezwayo, ezifanayo nentanda yethu. isidibanisi esibomvu yeThor, kodwa ngemisebenzi embalwa ebizwa Hee kwaye kwakukho ibonwa kwiCyberhades, ukubona ukuba iinjini ze-antimalware zenze ntoni xa sibeka i-pdf exploit ngaphakathi kwepakethe kunye nolwandiso lwe-exe.
Oku kuphunyezwayo okutsha, xa kusenziwa, kuphehlelela uxwebhu nge-pdf exploit. Ezinye iindlela ezithe zathi qatha engqondweni yam zezi: A) bayayikhupha baze abantu bangaphambili bayibhaqe baze B) baye ngqo ukubhaqa okungaphakathi baze batyikitye umpakishi.Noko ke, isiphumo sasimangalisa.
Kuphela si-2 kwabangama-42 abayibhaqileyo, i-1 njengento ekrokrisayo kwaye yiVirusBuster kuphela eyayiyazi ifomathi, kwaye yathatha inkathazo, ukuyikhupha imixholo ukuyiskena.
Emva kokubona oku, kubonakala kufanelekile kum ukuba iMicrosoft kunye ne-Adobe bacingela ukuhlaziya isoftware ngoHlaziyo lweWindows kwaye iMicrosoft ivule iqonga layo leeNkonzo zoHlaziyo lweWindows ukudibanisa ezinye izisombululo ezinje ngearhente yoHlaziyo lweWindows kwiarhente yoHlaziyo yeWindows. Secunia CSI, esebenza noMphathi woLungiselelo lweZiko leNkqubo kunye ne-WSUS.
Mamela kum, ngcono sebenzisa ifomati ye-DJVU yasimahla- Ikhuseleke ngakumbi kwaye yenza iifayile ezincinci, ezingcono.
Umthombo: Landela uLwazi
Ingcaciso: I-PDF ikwayifomathi yasimahla.
Kwaye kuya kufuneka sibone ukuba iphoso likabani na, nokuba ifomati (PDF) okanye iinkqubo (Acrobat Reader, Foxit, njl.) hayi Kuthetha ukuba akukho nkqubo zilungileyo ukuba oku kungenzeki kubo (wonke umntu usebenzisa iAcrobat okanye iFoxit, kodwa kwiLinux sinokhetho oluninzi, ngaba ezi zinokuba semngciphekweni?)
Zange ndazama i-djvu ngoku ndiyijonge kancinci ukuba yintoni, kwaye inento encinci endingayithandiyo kweli xesha lincinci endiliqapheleyo, awukwazi ukukopa umbhalo, kuba yonke into ingumfanekiso. Andiyithandi ngolo hlobo, ndidla ngokukopa izinto kwiiPDF endizifundileyo.
Andazi ukuba ndingayisebenzisa kakhulu, ndicinga ukuba ndikhetha ifomathi ye-pdf ukuba iphuculwe, eyivector.
mbuliso
UMarcos othandekayo, izimvo zakho zichanekile. I-PDF yayiyifomathi yobunikazi, kodwa ukusukela nge-1 kaJulayi, 2008 yifomathi evulekileyo.
Ngapha koko, yinyani into oyithethayo ukuba ngamanye amaxesha abathengi / abafundi banento eninzi yokwenza nayo. Umzekelo ocacileyo yimeko echazwe kule post.
Kwaye ewe, andithandi ukungakwazi ukukhuphela okubhaliweyo kwi .djvu nokuba. 🙁 Nangona kunjalo, kwiphepha le-Wikipedia yesiNgesi ithi: "Ke ngoko, endaweni yokucinezela unobumba "e" kwifonti enikiweyo amaxesha amaninzi, icinezela unobumba "e" kanye (njengomfanekiso ocinezelweyo) emva koko urekhode indawo yonke. kwiphepha iyenzeka.
Ngokhetho, ezi milo zinokumatshwa kwiikhowudi ze-ASCII (nokuba luqwalaselo ngesandla okanye olunokwenzeka yinkqubo yokubhaliweyo), kwaye zigcinwe kwifayile ye-DjVu. Ukuba le mephu ikhona, kuyenzeka ukuba ukhethe kwaye ukope umbhalo.» Okuthetha ukuba ungakhetha okubhaliweyo kwi-djvus.