Latest Breaking News On - Simon rohlmann - Page 1 : comparemela.com

Critical security flaws found in Office Open XML signatures

Researchers at Germany’s Ruhr University Bochum uncovered security flaws in Office Open XML (OOXML) signatures used in Microsoft Office and OnlyOffice.

Simon rohlmannMicrosoft office for windowsOffice openMicrosoft officeResearchers at germany ruhr university bochumRuhr university bochumOnlyoffice desktop

Office Open XML signatures are practically worthless

Office Open XML signatures are practically worthless
theregister.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theregister.com Daily Mail and Mail on Sunday newspapers.

Christian mainkaDaniel hirschbergerVladislav mladenovSimon rohlmannInsecurity of microsoft officeMicrosoft office on windowsMicrosoft officeRuhr university bochumOffice for macOffice openOnlyoffice desktopMainz universityApplied sciencesOpendocument format

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

For documents where the annotations that are allowed to be added are more limited, Sneaky Signature comes into play. The second person to sign the document can do so, and then use that process to add additional information. That is to say, rather than abuse annotations, the signing process is exploited. If a certified document is opened in a common PDF application, signatures can only be added to free signature fields provided by the certifier. Adding empty signature fields is normally no longer possible within the application, the paper states. However, the specification does not prohibit adding empty signature fields to a certified document. By using frameworks like Apache PDFBox2, empty signature fields can be placed anywhere in the document and filled with arbitrary content.

Vladislav mladenovChristian mainkaRuhr university bochum simon rohlmannEvil annotationSneaky signatureRuhr university bochumSimon rohlmann

Two new attacks break PDF certification

E-Mail IMAGE: IT experts at RUB have found several security issues with digital signatures for PDF documents over the past years. view more Credit: RUB, Kramer A security issue in the certification signatures of PDF documents has been discovered by researchers at Ruhr-Universität Bochum. This special form of signed PDF files can be used, for instance, to conclude contracts. Unlike a normal PDF signature, the certification signature permits certain changes to be made in the document after it has actually been signed. This is necessary to allow the second contractual party to also sign the document. The team from the Horst Görtz Institute for IT Security in Bochum showed that the second contractual party can also change the contract text unnoticed when they add their digital signature, without this invalidating the certification. The researchers additionally discovered a weakness in Adobe products that enables attackers to implant malicious code into the documents.

Simon rohlmannVladislav mladenovChristian mainkaData securitySneaky signature attackEvil annotation attackTechnology engineering computer scienceComputer scienceSystem security hackersதகவல்கள் பாதுகாப்புதொழில்நுட்பம் பொறியியல் கணினி அறிவியல்