|
|
PDF exploits shown in this comparison as exceeding Flash based
Excuse the cross post, however, Windows 9X [being left out of the updating process] is just as vulnerable, if not more, than using outdated applications in other OSs. A basic explanation is found he http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 I suggest following the linked materials, and further research into the various methods being used. NOTE: that the use of "traffic optimization", which is running programs to detect the available exploitable aspects in any given OS and/or system, has increased, and is now the preferred method being used for malicious activity distribution purposes. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |
PDF exploits shown in this comparison as exceeding Flash based
"MEB" skrev i meddelelsen
... Excuse the cross post, however, Windows 9X [being left out of the updating process] is just as vulnerable, if not more, than using outdated applications in other OSs. A basic explanation is found he http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 I suggest following the linked materials, and further research into the various methods being used. NOTE: that the use of "traffic optimization", which is running programs to detect the available exploitable aspects in any given OS and/or system, has increased, and is now the preferred method being used for malicious activity distribution purposes. Hello To me it's just another fuzz story from a mainstream security magazine/blog, that don't focus on a good prevention strategy. All they care about is the scary headline and the same boring conclusion about Firefox...... I really miss the word's "principle of least privilege" and "deny-all policies" in the security debate today. /Jesper |
PDF exploits shown in this comparison as exceeding Flash based
"MEB" skrev i meddelelsen
... Excuse the cross post, however, Windows 9X [being left out of the updating process] is just as vulnerable, if not more, than using outdated applications in other OSs. A basic explanation is found he http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 I suggest following the linked materials, and further research into the various methods being used. NOTE: that the use of "traffic optimization", which is running programs to detect the available exploitable aspects in any given OS and/or system, has increased, and is now the preferred method being used for malicious activity distribution purposes. Hello To me it's just another fuzz story from a mainstream security magazine/blog, that don't focus on a good prevention strategy. All they care about is the scary headline and the same boring conclusion about Firefox...... I really miss the word's "principle of least privilege" and "deny-all policies" in the security debate today. /Jesper |
PDF exploits shown in this comparison as exceeding Flash based
From: "MEB"
| Excuse the cross post, however, Windows 9X [being left out of the | updating process] is just as vulnerable, if not more, than using | outdated applications in other OSs. | A basic explanation is found he | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 | I suggest following the linked materials, and further research into the | various methods being used. | NOTE: that the use of "traffic optimization", which is running programs | to detect the available exploitable aspects in any given OS and/or | system, has increased, and is now the preferred method being used for | malicious activity distribution purposes. Updates for Adobe Reader and Adobe Acrobat were posted Today. Adobe Reader/Acrobat V9.1.3 and v8.2.1 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
PDF exploits shown in this comparison as exceeding Flash based
From: "MEB"
| Excuse the cross post, however, Windows 9X [being left out of the | updating process] is just as vulnerable, if not more, than using | outdated applications in other OSs. | A basic explanation is found he | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 | I suggest following the linked materials, and further research into the | various methods being used. | NOTE: that the use of "traffic optimization", which is running programs | to detect the available exploitable aspects in any given OS and/or | system, has increased, and is now the preferred method being used for | malicious activity distribution purposes. Updates for Adobe Reader and Adobe Acrobat were posted Today. Adobe Reader/Acrobat V9.1.3 and v8.2.1 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
PDF exploits shown in this comparison as exceeding Flash based
From: "Jesper Ravn"
| Hello | To me it's just another fuzz story from a mainstream security magazine/blog, | that don't focus on a good prevention strategy. | All they care about is the scary headline and the same boring conclusion | about Firefox...... | I really miss the word's "principle of least privilege" and "deny-all | policies" in the security debate today. | /Jesper Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code. I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and the threat is real. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
PDF exploits shown in this comparison as exceeding Flash based
From: "Jesper Ravn"
| Hello | To me it's just another fuzz story from a mainstream security magazine/blog, | that don't focus on a good prevention strategy. | All they care about is the scary headline and the same boring conclusion | about Firefox...... | I really miss the word's "principle of least privilege" and "deny-all | policies" in the security debate today. | /Jesper Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code. I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and the threat is real. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
PDF exploits shown in this comparison as exceeding Flash based
"David H. Lipman" skrev i meddelelsen ... From: "Jesper Ravn" | Hello | To me it's just another fuzz story from a mainstream security magazine/blog, | that don't focus on a good prevention strategy. | All they care about is the scary headline and the same boring conclusion | about Firefox...... | I really miss the word's "principle of least privilege" and "deny-all | policies" in the security debate today. | /Jesper Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code. I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and the threat is real. Hi David Yes I know its a real problem. But the basic prevention against "remote code execution" is the same. Secure your browser (disable/promt javascript - disable adobe plugins). If that is not convenient for you, go with a one time setup like LUA/SRP (no need for ongoing adjustment/tweaks) Another approach could be an application like Anti-Executable from Faronics. It a simple stand-alone applikation where the deny-all policy takes place. For the average user it's an easy setup and go. No need to learn anything about basic security :-). To bad it's not freeware anymore. /Jesper |
PDF exploits shown in this comparison as exceeding Flash based
"David H. Lipman" skrev i meddelelsen ... From: "Jesper Ravn" | Hello | To me it's just another fuzz story from a mainstream security magazine/blog, | that don't focus on a good prevention strategy. | All they care about is the scary headline and the same boring conclusion | about Firefox...... | I really miss the word's "principle of least privilege" and "deny-all | policies" in the security debate today. | /Jesper Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code. I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and the threat is real. Hi David Yes I know its a real problem. But the basic prevention against "remote code execution" is the same. Secure your browser (disable/promt javascript - disable adobe plugins). If that is not convenient for you, go with a one time setup like LUA/SRP (no need for ongoing adjustment/tweaks) Another approach could be an application like Anti-Executable from Faronics. It a simple stand-alone applikation where the deny-all policy takes place. For the average user it's an easy setup and go. No need to learn anything about basic security :-). To bad it's not freeware anymore. /Jesper |
PDF exploits shown in this comparison as exceeding Flash based
On 02/16/2010 06:18 PM, David H. Lipman wrote:
From: "MEB" | Excuse the cross post, however, Windows 9X [being left out of the | updating process] is just as vulnerable, if not more, than using | outdated applications in other OSs. | A basic explanation is found he | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539 | I suggest following the linked materials, and further research into the | various methods being used. | NOTE: that the use of "traffic optimization", which is running programs | to detect the available exploitable aspects in any given OS and/or | system, has increased, and is now the preferred method being used for | malicious activity distribution purposes. Updates for Adobe Reader and Adobe Acrobat were posted Today. Adobe Reader/Acrobat V9.1.3 and v8.2.1 Well, I would love to say that will take care of the PDF issues, but we all know it won't. The allowance of internal coding, external linking, and other now allowed within the PDF format is the problem. Were this a world where people weren't trying "to make a buck" anyway they can, we might be able to consider that these WILL solve the problems; but people are what they are; money, desire for fame in some form, and all of those not so acceptable human factors rule the day. So how many of these SUPPOSED PDF vulnerabilities and fixes is that now, 30, 40, 50, ?? The article and more importantly the linked materials also describes other forms now being used beyond PDF, and that the methodology has significantly changed to avoid detection with increased polymorphic techniques, or even farther beyond the previous normal attack vectors where single hack styles may have been involved, to the point of probing the individuals system for ANY and ALL vulnerabilities once ANY entry point is found and proofed. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |
| All times are GMT +1. The time now is 09:18 AM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Win98Banter.com