Re: [ga] Proposal: ICANN should cease acceptance of PDF, DOC and other attachments from public comments

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Finally had a chance to see what your fuss is about George.  Very interesting 
indeed. Amazing figures. 60-70-80% of maliciousness went through PDF. 
Incredible --- ooops, incredible until you looked and saw that those were the 
same numbers and % of attachments sent as PDF.  lets see - Most water that is 
polluted is H2O. Therefor we should get rid of H2O.

--- On Wed, 2/17/10, George Kirikos <gkirikos@xxxxxxxxx> wrote:


From: George Kirikos <gkirikos@xxxxxxxxx>
Subject: Re: [ga] Proposal: ICANN should cease acceptance of PDF, DOC and other 
attachments from public comments
To: "GNSO GA Mailing List" <ga@xxxxxxxxxxxxxx>
Date: Wednesday, February 17, 2010, 7:30 AM



Hi folks,

Following up on a thread from a couple of weeks ago, there's a story on 
Slashdot today that says 80% of exploits now come from rogue PDF files:

http://it.slashdot.org/story/10/02/17/141228/Rogue-PDFs-Behind-80-of-Exploits-In-Q4-09

If ICANN wants some low hanging fruit to demonstrate concern for security, they 
should limit public comments to plain text immediately, and disallow 
attachments.

Sincerely,

George Kirikos
http://www.leap.com/

--- On Sun, 1/24/10, George Kirikos <gkirikos@xxxxxxxxx> wrote:

> From: George Kirikos <gkirikos@xxxxxxxxx>
> Subject: [ga] Proposal: ICANN should cease acceptance of PDF, DOC and other 
> attachments from public comments
> To: "GNSO GA Mailing List" <ga@xxxxxxxxxxxxxx>
> Date: Sunday, January 24, 2010, 1:03 PM
> 
> Hi folks,
> 
> Given the numerous vulnerabilities in attachment formats,
> including PDF:
> 
> http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
> 
> I propose that ICANN cease to accept all public comments
> that are in any format other than ASCII or Unicode text.
> 
> The public tends to read the comments of others who've
> posted on the comment archives, and it would be very easy
> for a malevolent individual or group to hack those who read
> the public comments. Since ICANN staff themselves read
> public comments, it would not take much for an attacker to
> take advantage of this fact to gain entrance into the
> internal networks of ICANN, and potentially wreak havoc or
> gain commercial (or even political) advantage through
> spying.
> 
> If some of the largest companies, including Google, can be
> vulnerable to being hacked, ICANN should be more sensitive
> to that potential, and take reasonable steps to safeguard
> its staff and the public who read comments. There is very
> little to be gained in permitting PDF/DOC and other
> attachments, and much risk added by accepting those
> formats.
> 
> Perhaps those submitting comments in those formats can be
> redirected to an online form hosted by ICANN, to allow them
> to cut/paste from their original submissions in order to
> resubmit them in plain text.
> 
> The same policy should apply to documents posted on other
> ICANN and constituency mailing lists.
> 
> Sincerely,
> 
> George Kirikos
> http://www.leap.com/
>