Sourcefire’s “What would you do with a pointer and a size?”

The Sourcefire Vulnerability Research Team (VRT) has an interesting project related to (near) real-time detection of malicious data passing through an ingress/egress point. Specifically, they're attempting to use this technology to detect malicious PDFs. Unfortunately, right now you can't scan the documents in real time without hurting the user experience. The options would be to queue PDFs until they have been analyzed, or to attempt post-hoc remediation of malicious PDFs that have already been passed through (recall and purge). They've released their real-time framework and are looking for user snippets that perform detection of malicious data (think gluing some of Didier's PDF analysis scripts together).

*In case you’re unaware, Sourcefire is the maker of Snort IDS.
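To illustrate the "pointer and a size" interface, here is an added detection snippet (this example's own code, not Sourcefire's framework or Didier's scripts): it takes a buffer and its length and counts the pdfid-style risk indicators present, decoding PDF name escapes so an obfuscated /Java#53cript still matches. The function name and indicator list are assumptions made for this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Names counted by pdfid-style tools (a constructed list for this example,
   not Sourcefire's). A hit means "inspect further", not "malicious". */
static const char *const INDICATORS[] = {
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile"
};
#define N_INDICATORS (sizeof INDICATORS / sizeof INDICATORS[0])
static int hexval(int c) {
    c = tolower(c);
    return (c >= '0' && c <= '9') ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* Decode PDF name escapes (#4A -> 'J') so /Java#53cript matches /JavaScript,
   and map NUL bytes to spaces so strstr can walk binary stream data. */
static void normalize(const unsigned char *buf, size_t len, char *out) {
    size_t i = 0, o = 0;
    while (i < len) {
        unsigned char c = buf[i++];
        if (c == '#' && i + 1 < len && hexval(buf[i]) >= 0 && hexval(buf[i + 1]) >= 0) {
            c = (unsigned char)(hexval(buf[i]) * 16 + hexval(buf[i + 1]));
            i += 2;
        }
        out[o++] = c ? (char)c : ' ';
    }
    out[o] = '\0';
}
/* A name ends at whitespace or a delimiter, so /JS does not fire on /JSmith. */
static int name_ends(char c) {
    return c == '\0' || isspace((unsigned char)c) || strchr("/<>[]()%", c) != NULL;
}

/* The pointer-and-size entry point (hypothetical name): returns how many distinct
   indicators are present, or -1 if the buffer does not even start with a PDF header. */
int scan_pdf_buffer(const unsigned char *buf, size_t len) {
    if (len < 5 || memcmp(buf, "%PDF-", 5) != 0) return -1;
    char *norm = malloc(len + 1);
    if (!norm) return -1;
    normalize(buf, len, norm);
    int hits = 0;
    for (size_t k = 0; k < N_INDICATORS; k++) {
        size_t n = strlen(INDICATORS[k]);
        for (const char *p = strstr(norm, INDICATORS[k]); p; p = strstr(p + 1, INDICATORS[k]))
            if (name_ends(p[n])) { hits++; break; }
    }
    free(norm);
    return hits;
}
```

A real framework snippet would feed the count into a threshold or a secondary sandbox check rather than block on any single hit, since /OpenAction and /JS appear in plenty of benign forms.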

4 thoughts on “Sourcefire’s “What would you do with a pointer and a size?””

  1. Regarding malicious PDFs….

    Does the PDF viewer play a large role in determining end user vulnerability? I recently switched to the Windows version of Foxit Reader and have found it quicker to load both browser based and local documents.

    1. I’ve used Foxit and Sumatra on Windows and they definitely load faster than Acrobat. I don’t think we can say one is safer than another. Products with higher market share have more people scrutinizing them, while those with less could have just as many unpublished vulnerabilities. Check out OSVDB.
