Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

From theregister.com

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany.

The upshot is that someone could digitally add their signature to a PDF of, say, a contract, pass the file to a partner to digitally sign, and that second person could sneakily alter the contract’s text as well as sign it, creating confusion down the line. While the addition of the second signature would be permitted, the tampering of the text should be detected and flagged up by application software – unless the second person uses the aforementioned techniques.

Read more…