FireEye Platform
- - Read About Advanced Cyber Threats >
  - Why Don't Traditional Defenses Work? >
  - Why FireEye? >
- White Paper
  
  Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks
  
  Guide for CIOs, CFOs, and CISOs on why traditional security defenses are failing and how losing the security battle can hurt your business
  
  Download >
Products & Solutions
- - Threat Prevention Platforms
  - Network Security (NX Series)
  - Email Security (EX Series)
  - Content Security (FX Series)
  - Endpoint Security (HX Series)
  - Cloud-Based Platforms
  - Email Threat Prevention
  - Mobile Threat Prevention
  - Threat Analytics Platform
  - Forensics
  - Network Forensics (PX Series)
  - Forensic Analysis (AX Series)
  - Endpoint Forensics (MIR)
  - Subscriptions and Management
  - Managed Defense
  - Central Management (CM Series)
  - Dynamic Threat Intelligence (DTI)
- - Solutions
  - Data Center
  - Small and Midsize Businesses
  - Industry Solutions
  - Government
  - Pharmaceutical
  - Retail
  - Services
  - Mandiant Services
  - Resources
  - Visio Stencils
- Webcast
  
  Product Demo
  
  Inside look at stopping zero-day attacks and advanced persistent threats with FireEye
  
  View >
Info Center
- White Paper
  
  Advanced Targeted Attacks
  
  Look into the changing nature of today's advanced targeted attacks and why traditional IT security is inadequate
  
  Download >
Partners
- - Partner Login Required
  - Partner Enablement - The Fuel Station
  - Partner Portal
  - Education Center
- White Paper
  
  Spear Phishing Attacks
  
  Deep dive into spear phishing attacks and what is needed to combat this type of advanced threat
  
  Download >
News & Events
- Video
  
  The New Threat Landscape
  
  Insight into how FireEye is able to combat even the most sophisticated threats
  
  View >
Company
- Brochure
  
  FireEye Corporate Overview
  
  Overview of the FireEye product family which protects against advanced cyber attacks
  
  Download >

Blog

OMG-WTF-PDF Dénouement

February 2, 2011 | By Julia Wolf |

You may have heard something in the news about PDF recently… By the power of Google!

http://www.heise.de/security/meldung/27C3-Brandgefaehrliche-PDF-Dokumente-Update-1162122.html (The one that started it all)
http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-Update-1162166.html (… auf Englisch)
http://it.slashdot.org/story/11/01/02/0231242/Detailing-the-Security-Risks-In-PDF-Standard (Basically the Heise article)
http://www.daemonforums.org/showthread.php?t=5507 (Links to Heise, like Slashdot)
http://m.io9.com/5731328/10-devious-new-ways-that-computer-hackers-can-control-your-machines-or-fix-them
http://66.71.254.238/2011/01/10/c3.html (A blog)
http://frutosdelcaos.blogspot.com/2010/12/idiosincrasias-de-pdf.html (Un blog en español)
http://blog.scrt.ch/2011/01/07/27c3-we-come-in-peace/ (Un blog en français)
http://trackback.fritz.de/2011/01/08/trb-210-27-chaos-communication-congress/ (A Podcast)
http://www.tablix.org/~avian/blog/archives/2010/12/27c3_wrap_up/ (A mention on another blog)
… and fifty zillion ever-so-slightly modified copies of the Heise Online news article. Some with creeping errors.
It is now abundantly clear that the major source for news is other news — negativland
https://encrypted.google.com/search?q=27c3+julia+wolf+pdf

I recently gave this presentation at the 27th Chaos Computer Congress in Berlin.
For some reason, the slides never made it from Pentabarf to the Fahrplan.
(They should be here: http://events.ccc.de/congress/2010/Fahrplan/attachments/1796_27C3_Julia_Wolf_OMG-WTF-PDF.pdf Curerntly 404, not by intent.) So first order of business, here are the long sought after slides:
27C3_Julia_Wolf_OMG-WTF-PDF.pdf
(I have had so many requests for these.)

Continue reading »