Friday 22 December 2023

Biodynamic Gardening Guide: Definition, Key Principles, Best Practices, Benefits, Tools and Preparations

Biodynamic gardening offers a profound approach to cultivating the earth, resonating with ancient wisdom and modern ecological consciousness. It transcends conventional organic practices by fostering a holistic understanding of the garden as a living organism, intertwined with the rhythms of nature and the cosmos. Embracing this philosophy nurtures vibrant, nutrient-rich produce while promoting a deeper connection to the natural world.

Key Principles of Biodynamic Gardening

1. Understanding the Farm as a Living Organism:

  • Biodynamics views the farm or garden as an interconnected entity, where soil, plants, animals, and cosmic forces collaborate in a delicate dance of life.
  • Nurturing this interconnectedness is paramount, ensuring a synergistic balance that promotes vitality and resilience.

2. Strengthening the Soil:

  • Biodynamic preparations, meticulously crafted from natural substances, act as catalysts for soil health.
  • These preparations invigorate microbial life, enhance fertility, and promote a thriving soil ecosystem—the foundation for robust plant growth.

3. Aligning with Cosmic Rhythms:

  • Biodynamics recognizes the profound influence of celestial rhythms on plant growth.
  • Planting, cultivating, and harvesting in harmony with lunar cycles, planetary alignments, and seasonal transitions optimizes plant vitality and yields.

4. Embracing Biodiversity:

  • Biodynamic gardens embrace diversity, fostering a tapestry of plant species, insect life, and beneficial organisms.
  • This biodiversity fosters resilience, thwarts pests, and creates a harmonious ecosystem where each element contributes to the garden's overall health.

Essential Practices for Biodynamic Gardening Success

1. Composting: The Heart of Soil Fertility

  • Biodynamic composting is a meticulous art, transforming organic matter into a nutrient-rich elixir for the soil.
  • Specific preparations, such as BD500 and BD502, enhance compost vitality, accelerating decomposition and enriching the soil's microbial life.

2. Planting by the Moon and Stars:

  • Biodynamic planting calendars guide gardeners to align sowing and harvesting with auspicious cosmic rhythms.
  • This practice is believed to optimize plant growth, nutrient uptake, and flavor development.

3. Fostering Biodiversity:

  • Intercropping, companion planting, and cultivating a diversity of species create a vibrant ecosystem that benefits all inhabitants.
  • Beneficial insects thrive, pests are kept in check, and the garden becomes a resilient, self-sustaining microcosm.

4. Honoring Animals and Their Role:

  • Biodynamic farms often integrate livestock, recognizing their crucial role in nutrient cycling, soil fertility, and overall farm health.
  • Animals contribute manure for compost, grazing for weed control, and their unique energy to the farm's ecosystem.

The Rewards of Biodynamic Gardening

1. Nutrient-Rich, Flavorful Produce:

  • Biodynamic practices yield produce that is not only free of chemicals but also brimming with vitality and flavor.
  • The heightened nutrient density and vibrant energy of biodynamically grown food are often palpable to those who consume it.

2. Deeper Connection to Nature:

  • Biodynamic gardening cultivates a profound sense of connection to the natural world, fostering respect for the delicate balance of life forces that sustain us.
  • This intimate relationship with nature enriches both the gardener and the garden, fostering a sense of stewardship and gratitude.

3. A Path to Regeneration:

  • Biodynamic principles offer a roadmap for healing the Earth and restoring vitality to our food systems.
  • By nourishing the soil, honoring biodiversity, and embracing cosmic rhythms, we can participate in a movement that nurtures life and promotes a thriving planet for generations to come.

Delving Deeper into the Cosmos: Advanced Biodynamic Techniques

We've established the core principles and practices of biodynamic gardening, but the journey doesn't end there. For those seeking to truly connect with the cosmic rhythms and unlock the full potential of their gardens, several advanced techniques await exploration.

Honing Your Sensitivity to Cosmic Forces

1. Observing the Subtle: Planetary Influences

Each planet in our solar system exerts a unique influence on plant growth. For example:

  • Mars: Associated with vitality and action, Mars days are ideal for seeding fast-growing plants like lettuce and radishes.
  • Venus: Ruling over love and beauty, Venus days favor planting flowering ornamentals and nurturing delicate fruits.
  • Saturn: Known for structure and boundaries, Saturn days are well-suited for tasks like transplanting seedlings and pruning woody plants.

By keeping a keen eye on planetary movements and aligning your gardening activities accordingly, you can tap into these subtle cosmic forces and potentially enhance your yields and harvest quality.

2. Harnessing the Moon's Cycles: The Biodynamic Sowing Calendar

The moon's waxing and waning phases have long been recognized as potent influences on plant growth. Biodynamic sowing calendars, meticulously crafted to correspond with these lunar cycles, offer detailed guidance for optimal planting times.

  • Root Days: During the waning moon, focus on planting root vegetables like carrots, potatoes, and beets. The downward pull of the moon's gravity is believed to encourage vigorous root development.
  • Leaf Days: Under the waxing moon, prioritize leafy greens like lettuce, spinach, and kale. The moon's upward pull is thought to stimulate lush foliage growth.
  • Flower Days: The days surrounding the full moon are auspicious for sowing flowering plants, fruit trees, and herbs. The moon's heightened energy is believed to promote vibrant blooms and bountiful harvests.

3. Rhythms of the Zodiac: A Deeper Dive

For the truly dedicated biodynamic gardener, delving into the specific influences of the zodiacal constellations can add another layer of complexity and potential benefit. Each constellation is associated with different plant parts and qualities, offering further guidance for aligning your gardening activities with cosmic rhythms.

For instance, planting tomatoes under the sign of Leo (associated with fire and fruit) or sowing leafy greens under Libra (linked to air and balance) might be seen as particularly auspicious choices. However, mastering this level of astrological integration requires dedication and ongoing study.

Tools and Preparations for the Advanced Biodynamic Gardener

1. The Seven Preparations: Catalysts for Life

Biodynamic preparations are potent natural concoctions crafted from specific plant and animal materials. These preparations, numbered BD500 through BD507, each address different aspects of soil health and plant vitality.

  • BD500 (Horn manure): Enhances soil fertility and humus formation.
  • BD501 (Horn silica): Strengthens plant stems and resistance to disease.
  • BD502 (Cow manure): Stimulates composting and microbial activity.
  • BD503 (Chamomile): Promotes flower formation and fruit quality.
  • BD504 (Nettle): Enhances leaf growth and chlorophyll production.
  • BD505 (Oak bark): Strengthens root systems and resistance to pests.
  • BD506 (Dandelion): Balances soil moisture and nutrient uptake.

Mastering the application and timing of these preparations takes time and experience, but their potential to invigorate your garden and elevate your biodynamic practice is significant.

2. The Dowsing Rod: Intuition Meets Practicality

The dowsing rod, a simple Y-shaped tool, can be used to intuitively locate underground water sources, ley lines (energetic lines in the Earth), and even compost piles with optimal activity. While its scientific validity is debated, many biodynamic gardeners swear by the dowsing rod as a valuable tool for connecting with the subtle energies of the land.

Conclusion: A Lifelong Journey with Biodynamic Gardening

Biodynamic gardening is not merely a set of techniques; it's a lifelong journey of observation, experimentation, and deepening connection with the natural world. As you delve deeper into its principles and practices, you'll witness firsthand the vibrant life force coursing through your garden, responding to your care and resonating with the rhythms of the cosmos.

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/broadcaster-news/a59c6fa9-0bb9-42af-a418-4e4b64ecd723n%40googlegroups.com.
Posted by at No comments:

Tuesday 12 December 2023

Titans Stage Miraculous Comeback to Stun Dolphins on Monday Night Football

In one of the most incredible comebacks of the NFL season, the Tennessee Titans stunned the Miami Dolphins 28-27 on Monday Night Football. With less than three minutes remaining in the game and trailing by 14 points, the Titans unleashed a furious rally that culminated in a game-winning touchdown with just seconds left on the clock.

The victory was a monumental one for the Titans, who improved to 5-8 on the season and kept their playoff hopes alive. It also dealt a major blow to the Dolphins, who had been riding high atop the AFC East and were considered one of the favorites to reach the Super Bowl.

Dolphins Dominate Early

The Dolphins seemed poised to cruise to victory early on. Quarterback Tua Tagovailoa was sharp, completing 20 of his 25 passes for 267 yards and two touchdowns. Running back Jeff Wilson Jr. also had a strong performance, rushing for 112 yards and a touchdown.

The Titans, on the other hand, struggled offensively for much of the game. Rookie quarterback Will Levis looked shaky at times, completing only 15 of his 30 passes for 187 yards. The Titans also committed several costly penalties, which helped the Dolphins maintain momentum.

Titans Mount Improbable Comeback

With the Dolphins leading 27-13 late in the fourth quarter, it appeared that the Titans were headed for defeat. However, Levis led the Titans on a pair of remarkable touchdown drives in the final minutes of the game.

The first scoring drive was capped off by a 15-yard touchdown pass from Levis to wide receiver Treylon Burks with 1:50 remaining. On the ensuing two-point conversion attempt, Levis found tight end Austin Hooper for the score, cutting the Dolphins' lead to 27-21.

Following a Miami punt, Levis and the Titans offense went back to work. Levis completed passes of 19 and 15 yards to move the ball into Dolphins territory. With just seconds remaining on the clock, Levis delivered a strike to wide receiver Nick Westbrook-Ikhine in the end zone for the game-winning touchdown.

Levis Shines in the Spotlight

Levis, who was making just his third career start, was the hero of the game for the Titans. He finished with 327 passing yards and two touchdowns, displaying a poise and clutchness that belied his rookie status.

"I'm just so proud of our guys," Levis said after the game. "We never gave up, even when things looked bleak. We just kept fighting, and it paid off in the end."

Dolphins Left to Rue Missed Opportunities

The Dolphins were left to rue their missed opportunities after the game. They had several chances to put the game away in the fourth quarter, but they were unable to capitalize.

"We just made too many mistakes," Dolphins coach Mike McDaniel said. "We had a chance to win this game, but we didn't take advantage of it. We need to learn from our mistakes and move on."

What's Next for Both Teams?

The Titans will look to build on their momentum when they host the Jacksonville Jaguars on Sunday. The Dolphins, meanwhile, will try to get back on track when they travel to face the Buffalo Bills.

Historic Comeback

The Titans' comeback was one of the most memorable in recent NFL history. It was the first time since 2003 that a team had overcome a 14-point deficit in the final three minutes of a game and won in regulation.

The victory also proved that the Titans are a team that can never be counted out. Despite their up-and-down season, they remain in the thick of the AFC playoff race.

Conclusion

The Titans' thrilling comeback victory over the Dolphins was a testament to the power of perseverance and never giving up. It was a game that will be remembered for years to come, and it served as a reminder that anything is possible in the NFL.

Key Statistics:

  • Titans: 327 passing yards, 2 touchdowns
  • Dolphins: 267 passing yards, 2 touchdowns, 112 rushing yards, 1 touchdown
  • Titans: 5-8 record
  • Dolphins: 9-5 record

Additional Notes:

  • The Titans were without star running back Derrick Henry for the second straight game.
  • The Dolphins were also without several key players, including wide receiver Jaylen Waddle and safety Jevon Holland.
  • The game was played at Hard Rock Stadium in Miami Gardens, Florida.
  • The attendance was 75,417.
 

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/broadcaster-news/f35d98ca-2075-4993-8f9d-e71145a3fe73n%40googlegroups.com.
Posted by at No comments:

Sunday 10 December 2023

Electroculture Antenna: A Guide to Everything You Need to Know

Electroculture is a fascinating and growing field of agriculture that uses electric fields to stimulate plant growth. One of the key components of an electroculture system is the electroculture antenna. In this article, we will discuss everything you need to know about electroculture antennas, including what they are, how they work, and how to build your own.

References:


What is an electroculture antenna?

An electroculture antenna is a device that is used to create an electric field in the air. This electric field can then be used to stimulate the growth of plants. Electroculture antennas can be made from a variety of materials, including copper wire, aluminum foil, and even cardboard.

How do electroculture antennas work?

When an electric current is passed through an electroculture antenna, it creates an electric field around the antenna. This electric field can then be used to stimulate the growth of plants in a number of ways.

  • Increased cell division: The electric field can cause plant cells to divide more rapidly, which can lead to faster growth.
  • Improved nutrient uptake: The electric field can also help plants to absorb nutrients from the soil more efficiently.
  • Increased chlorophyll production: Chlorophyll is the pigment that gives plants their green color. The electric field can help plants to produce more chlorophyll, which can lead to increased photosynthesis and growth.
  • Enhanced disease resistance: The electric field can help plants to resist diseases by activating their immune systems.

How to build your own electroculture antenna

There are many different ways to build an electroculture antenna. One simple method is to use copper wire to create a spiral coil. The coil should be about 1 foot in diameter and 6 inches tall. The coil can then be mounted on a wooden stake and placed in the ground near your plants.

Benefits of using electroculture antennas

There are many benefits to using electroculture antennas. Some of the most common benefits include:

  • Increased yields: Studies have shown that electroculture antennas can increase yields by up to 30%.
  • Improved crop quality: Electroculture antennas can help to improve the quality of crops by making them more resistant to pests and diseases.
  • Reduced need for pesticides: Electroculture antennas can help to reduce the need for pesticides by making plants more resistant to pests.
  • More sustainable agriculture: Electroculture is a more sustainable form of agriculture than traditional methods because it does not rely on the use of chemicals.

Here are some additional tips for using electroculture antennas:

  • The best time to use electroculture antennas is during the growing season.
  • The antennas should be placed near the plants, but not so close that they touch the leaves.
  • The antennas should be turned on for at least 8 hours per day.
  • It is important to experiment with different antenna designs and configurations to find what works best for your specific plants and growing conditions.

Conclusion

Electroculture antennas are a simple and effective way to improve the growth of your plants. If you are looking for a way to increase your yields and improve the quality of your crops, then electroculture may be a good option for you.

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/broadcaster-news/bb9a9054-b8bf-42cc-b489-73415fa4e515n%40googlegroups.com.
Posted by at No comments:

You have been added to Broadcaster

Hi articlewritingboyear.boyeararticle@blogger.com,
710raquino@student.angelina.edu added you to the Broadcaster group.
About this group

We are providing some of the most trending topics online.

Google Groups allows you to create and participate in online forums and email-based groups with a rich community experience. You can also use your Group to share documents, pictures, calendars, invitations, and other resources. Learn more.

If you do not wish to be a member of this group you can send an email to broadcaster-news+unsubscribe@googlegroups.com or follow this unsubscribe link. If you believe this group may contain spam, you can also report the group for abuse. For additional information see our help center.

If you do not wish to be added to Google Groups in the future you can opt out here.
Posted by at No comments:

Monday 26 June 2023

Fix WordPress Issues : article-writing-power.blogspot.com

Hi article-writing-power.blogspot.com Owner, 

 

I will do Any WordPress, PHP, HTML, CSS, Responsive Related work for you article-writing-power.blogspot.com.

 

I can work for you:

  • Fix blank WordPress issue
  • Fix any PHP, HTML, CSS, Responsive
  • Theme installation/customization in WordPress
  • CSS Designing Bug
  • WordPress Plugin setup/configuration
  • Remove unnecessary meta-data
  • Change the Permalink Structure
  • Enable/Disable HTML in WP comments
  • Favicon & Logo customization
  • Improve the Security of your WordPress/PHP website
  • Shopping cart integration
  • Fix Errors on the WP Login screen
  • Fix any type of common WordPress Errors
  • Product Uploading Work                                                                                                                                                                                                                    If you are interested any services? I can send you more details on the action/portfolio/past work details/price list. 

 

Regards,

Urlic Ortega,

 

Web Development Manager, 

-----------------------------------------------------

       Note: If you are not interested, please

      Click here to unsubscribe 

beacon
Posted by at No comments:

Monday 5 June 2023

Shadow Attacks: Hiding And Replacing Content In Signed PDFs

Last year we presented How to Spoof PDF Signatures. We showed three different attack classes. In cooperation with the CERT-Bund (BSI), we contacted the vendors of affected PDF applications to inform them about the vulnerabilities and to support them in developing countermeasures. Most vendors reacted promptly and closed the reported vulnerabilities promptly.
One of those three attack classes was Incremental Saving Attacks (ISA). The proposed countermeasures aimed to distinguish PDF objects appended to the file via updates into dangerous and non-dangerous. In other words, black and whitelisting approaches were used. 

Naturally, this countermeasure succeeds as long as the PDF update contains evil objects. So we came up with the idea to attack PDFs with only non-dangerous updates. We achieve this by adding invisible, malicious content when creating the PDF document (before it is signed) and to reveal them after signing.
Today, we present Shadow Attacks! Our evaluation of 28 PDF applications reveals that 15 of them, including Adobe Acrobat and Foxit Reader, are vulnerable.
We responsibly disclosed all affected vendors. Together with the CERT-Bund (BSI), we supported the vendors in developing suitable countermeasures. The attacks are documented in CVE-2020-9592 and CVE-2020-9596.
Full results are available in our vulnerability report and on our website.

What are PDF signatures used for and what is the legal status?

PDFs can be secured against manipulations by using digital signatures. This feature enables use-cases such as signing contracts, agreements, payments, and invoices. Regulations like the eSign Act in the USA or the eIDAS regulation in Europe facilitate the acceptance of digitally signed documents by companies and governments. Asian and South American countries also accept digitally signed documents as an equivalent to manually signed paper documents. Adobe Cloud, a leading online service for signing PDF documents, provided 8 billion electronic and digital signature transactions in 2019. The same year, DocuSign processed 15 million documents each day.

What could a Simple Signing Process look like?
The process of digitally signing a contract involves multiple entities and can look as follows: The PDF contract is prepared by the collaborators. The collaborators can be lawyers, designers, typewriters, or members of different companies. Finally, the contract is digitally signed.

PDF Structure and Signature Basics


A PDF consists of three parts: Body, Xref table, and Trailer

The PDF is a platform-independent document format. It starts with a Header, to set the version, and is followed by three main parts, as depicted in the figure.
The first part defines the PDF Body. It contains different objects, which are identified by its object number. The most important object is the root object, which is called the Catalog. In the figure, the Catalog has the object identifier 1 0. The Catalog defines the whole PDF structure by linking to other objects in the Body. In the example given, the Catalog links to form object AcroForm, to some PDF MetaData, and to actual PDF Pages. The latter can reference multiple Page objects, which in turn reference, for example, the actual Content, Font, and Images.
The second part of the PDF is the Xref table. It contains references to the byte positions of all objects used in the PDF Body.
The third part is the Trailer. It consists of two further references: one to the byte position at which the Xref table starts, and another link to the identifier of the root object (1 0).

Incremental Updates and Digitally Signing a PDF
The content of a PDF may be updated for different reasons, for example, by adding review comments or by filling out PDF forms. From a technical perspective, it is possible to add this new content directly into the existing PDF Body and add new references in the Xref table. However, this is not the case according to the PDF specification. Changes to a PDF are implemented using Incremental Updates. An Incremental Update adds new objects into a new PDF Body, which is directly appended after the previous Trailer as shown in the figure to the right. To adequately address the new objects, a new Xref table and Trailer are also appended as well for each Incremental Update. Summarized, a PDF can have multiple Bodies, Xref tables, and Trailers, if Incremental Update is applied.
For protecting the integrity and the authenticity of a PDF, digital signatures can be applied. For this purpose, a Signature object is created and appended to the PDF by using Incremental Update. It is also possible to sign a PDF multiple times (e.g., a contract), resulting in multiple Incremental Updates. The Signature object contains all relevant information for validating the signature, such as the algorithms used and the signing certificate. Once a PDF containing a PDF Signature is opened, the viewer application automatically validates the signature and provides a warning if the content has been modified.

Shadow Attacks

The main idea of the attacks is that the attackers prepare a PDF document containing invisible content. Afterward, the document is sent to a signing entity like a person or a service which reviews the document, signs it and sends it back to the attackers. Despite the integrity protection provided by the digital signature, the attackers can make modifications to the document and change the visibility of the hidden content. Nevertheless, the manipulation is not detected. The digital signature remains valid. Finally, the attackers send the modified signed document to the victim. Although the document is altered, the signature validation is successful, but the victims see different content than the signing entity.

Do the Attacks match a Real-World Scenario?

Of course! In companies and authorities, relevant documents like contracts or agreements are often prepared by the employees who take care of most of the details and technicalities. The document is then signed by an authorized person after a careful review. Another scenario is the signing process of a document within a consortium. Usually, one participant creates the final version of the document, which is then signed by all consortium members. Considering the given examples, an employee or consortium member acting maliciously can hide invisible shadow content during the editing. Consequentially, this content will be signed later.
Additionally, multiple cloud signing services like Adobe Cloud, DocuSign, or Digital Signature Service exist. Among other functionalities, such services receive a document and sign it. This process can also be used also to sign shadow documents.

Different Attack Classes of Shadow Attacks

Shadow Attacks can be divided into the three attack classes Hide, Replace, and Hide-and-Replace, as shown in the figure below. Each class offers the possibility of taking a significant influence on the content of a signed PDF document. In the following, we describe the functionality of the individual classes in more detail.


Shadow Attack: Hide

The concept of this class of shadow attacks is to hide the content relevant for the victims behind a visible layer. For example, the attackers can hide the text "You are fired!" behind a full-page picture showing "Sign me to get the reward!". Once the attackers receive the signed document, they manipulate the document in such a way that the picture is no longer rendered by the viewer application. Hide attacks have two advantages from the attackers' perspective:
  1. Many viewers show warnings if new visible content is added using an Incremental Update. However, they do not warn in most cases if content is removed.
  2. The objects are still accessible within the PDF. In the example above, the text "You are fired!" can still be detected by a search function. This might be important if an online signing service is used and it reviews the document by searching for specific keywords. We identified two variants of this attack class.
Hiding Content via Page.
This attack variant uses an Incremental Update to create a new Page object. It contains all previously used objects except for the overlay, for example, the image. This attack variant is depicted on the left side of figure above.
Hiding Content via Xref.
If the viewer application does not accept changes to PDF structuring objects, such as Page, Pages, or Contents, the second attack variant can be applied. This variant directly affects the overlay object. The simplest method for this is to create an Incremental Update, which only updates the Xref table by setting the overlay object to free. However, making this change is interpreted as a dangerous in many viewers (e.g., Adobe) and an error or a warning is thrown. For this reason, we use another approach: we use the same object ID within the Incremental Update, but we define it as a different object type. For example, we change the overlay type Image to XML/Metadata.
When opening this manipulated document, the overlay is hidden because Metadata cannot be shown. Since adding Metadata to a signed PDF using Incremental Update is considered harmless, the signature remains valid.

Shadow Attack: Replace

In this attack class, specific content of the PDF document is to be exchanged. The first variant uses the visual properties of text fields for this purpose. The second variant is based on a fatal misconception that fonts cannot be used for manipulation purposes.
Replace via Overlay.
This attack targets an interactive feature in PDFs: interactive forms. Forms support different input masks (e.g., text fields, text areas, radio/selection buttons) where users dynamically enter new content and store it in the PDF document. The main idea of the attack is to create a form, which shows one value before (PDF1) and after signing (PDF2), as illustrated on the leftside in the figure below. After the attackers manipulate the PDF and create PDF3, different values are shown in the form (and can be seen on the right side of the figure below). The attack abuses a special property of PDF text fields. A text field can show two different values: the real field value and an overlay value which disappears as soon as the text field is selected. The real value of a form field is contained in an object key named /V. The content of the overlay element is defined within a /BBox object. The /BBox object is comparable to the hint labels known from HTML forms; for example, the hint username to indicate that the username should be entered into a specific login field. In contrast to HTML, in PDF there is no visual difference between the hint and the actual value.


In summary, we can say that this variant allows attackers to manipulate the contents of the text fields for the visible layer arbitrary. As shown in the figure above, this can be used, for example, to maliciously redirect a payment.
Replace via Overwrite.
The main idea of this variant is to append new objects to the signed document which are considered harmless but directly influence the presentation of the signed content. As shown in figure of the three attack classes, the attackers prepare a shadow document that defines a font and includes its description into the document. The font is used for the presentation of specific content. After the document is signed, the attackers append a new font description and overwrite the previous description.  The definition of new fonts is considered harmless, because of that, the applications verifying the signature do not show any warning regarding the made changes. For instance, the (re)definition of fonts does not change the content directly. However, it influences the view of the displayed content and makes number or character swapping possible.

Shadow Attack: Hide-and-Replace

In this attack class, the attackers create a shadow PDF document that is sent to the signers. The PDF document contains a hidden description of another document with different content. Since the signers cannot detect the hidden (malicious) content, they sign the document. After signing, the attackers receive the document and only append a new Xref table and Trailer. Within the Xref table, only one change takes place: the reference to the document Catalog (or any other hidden object), which now points to the shadow document.
In fact, the document contains two independent content paths. One path to show the signer harmless content, and one path with malicious content that replaces the first content after it is signed and activated by the attackers. The figure above visually illustrates the described relationships once again.
This attack variant is the most powerful one since the content of the entire document can be exchanged, including text content, forms, fonts, and annotations. The attackers can build a complete shadow document influencing the presentation of each page and each object.

Evaluation

Overall, 15 out of 28 PDF viewing applications were vulnerable to at least one presented attack. Surprisingly, for 11 PDF viewers, all three attack classes were successful. The Table shows that some applications have limited vulnerabilities. These applications respond to any type of Incremental Update with a post-signature modification note, including modifications that are allowed due to the specification. We have evaluated the latest (at the time of evaluation) available versions of the applications on all supported desktop platforms: Windows, macOS, and Linux.

Evaluation results.


Authors of this Post

Simon Rohlmann 
Christian Mainka
Vladislav Mladenov
Jörg Schwenk

Acknowledgments

Many thanks to the CERT-Bund (BSI) team for the great support during the responsible disclosure. We also want to acknowledge the teams of the vendors which reacted to our report and fixed the vulnerable implementations.

Continue reading

  1. Top Pentest Tools
  2. Hack And Tools
  3. Best Hacking Tools 2019
  4. Hacks And Tools
  5. Hack Tools Github
  6. Pentest Reporting Tools
  7. Pentest Tools Review
  8. Hacker Tools Free Download
  9. Hacker Tools Free Download
  10. Hacking Tools 2019
  11. Bluetooth Hacking Tools Kali
  12. Nsa Hack Tools Download
  13. Termux Hacking Tools 2019
  14. Pentest Tools
  15. Pentest Tools Tcp Port Scanner
  16. Hack Tool Apk No Root
  17. Pentest Tools Port Scanner
  18. Hacker Security Tools
  19. Hack Tools For Mac
  20. Easy Hack Tools
  21. Pentest Tools
  22. Hack And Tools
  23. Hacking Tools Github
  24. Pentest Tools Linux
  25. Hacking Tools Download
  26. Hack Tools Github
  27. Pentest Tools For Windows
  28. Hack Tools For Ubuntu
  29. Pentest Tools Kali Linux
  30. Nsa Hacker Tools
  31. How To Make Hacking Tools
  32. Hacking Apps
  33. Hack Tool Apk
  34. Hack Tools Mac
  35. Free Pentest Tools For Windows
  36. Pentest Tools Android
  37. Hack Tools For Games
  38. How To Hack
  39. Hacker Tools 2020
  40. Hacker Tools For Mac
  41. World No 1 Hacker Software
  42. Hacks And Tools
  43. Pentest Tools Github
  44. Tools For Hacker
  45. Pentest Reporting Tools
  46. Hack Tools
  47. Pentest Tools Bluekeep
  48. Hack Tools Online
  49. Hacker Tools For Pc
  50. How To Make Hacking Tools
  51. Hacking Tools
  52. Pentest Tools Download
  53. Game Hacking
  54. Hacking Apps
Posted by at No comments:
Subscribe to: Posts (Atom)