Well, the entire Missing Persons Section is shameful. I was going to copy one of them, but they are all so irresponsible, I did not know which one to choose. No wonder we are reading today about all of the Missing Children. This is so sad. Look at the list of people that this went to. You will recognize names. Elijah Cummings, Trey Gowdy, Dick Durbin. What the hell did they do about it? Evidently nothing.
Of course, this probably wouldn't stop a CIA/NSA level exploit from working, but if you're worried about that then you should probably be running in a virtual machine or usb booted OS or otherwise really know what you're doing.
In respect to obvious threats, I would say this one is low, but of course there is always some potential of a threat.
Great answer by
@kjlsdklfjlksdjflk
, I would only add that for people using some means to cover their real IP addresses (such as Tor or a VPN), PDF files making web requests from a PDF client that has not been configured to route traffic through their anonymizing network will give away their real identities. This is why we automatically flair PDFs as risk. Also, I don't think I need to explain on this board why a .gov address is no guarantee of anything.
▼ carmencita
Well, the entire Missing Persons Section is shameful. I was going to copy one of them, but they are all so irresponsible, I did not know which one to choose. No wonder we are reading today about all of the Missing Children. This is so sad. Look at the list of people that this went to. You will recognize names. Elijah Cummings, Trey Gowdy, Dick Durbin. What the hell did they do about it? Evidently nothing.
▼ wecanhelp
I've flaired this as Potential Security Risk for the PDF.
▼ PizzaDestroyer
Please note that the PDF is hosted at app.oig.dc.gov - the website for the DC inspector general. Also a scan on virustotal.com passes the pdf as clean: https://www.virustotal.com/en/url/11ebce1255d3dbfe6ccc7c5ae6baa3f88d5502e923d6c387650a36bfd7fcee06/analysis/
Here is the result of scanning the actual file instead of URL: https://www.virustotal.com/en/file/f9937bdfce1c3294ace97e7f016a1cea24b97314838ff9520b96932724c434a2/analysis/
Of course, this probably wouldn't stop a CIA/NSA level exploit from working, but if you're worried about that then you should probably be running in a virtual machine or usb booted OS or otherwise really know what you're doing.
In respect to obvious threats, I would say this one is low, but of course there is always some potential of a threat.
▼ wecanhelp
Great answer by @kjlsdklfjlksdjflk , I would only add that for people using some means to cover their real IP addresses (such as Tor or a VPN), PDF files making web requests from a PDF client that has not been configured to route traffic through their anonymizing network will give away their real identities. This is why we automatically flair PDFs as risk. Also, I don't think I need to explain on this board why a .gov address is no guarantee of anything.
▼ PizzaDestroyer
All fair points. Thanks for the explanation.