PDF exploits shown in this comparison as exceeding Flash based

Excuse the cross post, however, Windows 9X [being left out of the
updating process] is just as vulnerable, if not more, than using
outdated applications in other OSs.

A basic explanation is found he
http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

I suggest following the linked materials, and further research into the
various methods being used.
NOTE: that the use of "traffic optimization", which is running programs
to detect the available exploitable aspects in any given OS and/or
system, has increased, and is now the preferred method being used for
malicious activity distribution purposes.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

"MEB" skrev i meddelelsen
...

Excuse the cross post, however, Windows 9X [being left out of the
updating process] is just as vulnerable, if not more, than using
outdated applications in other OSs.

A basic explanation is found he
http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

I suggest following the linked materials, and further research into the
various methods being used.
NOTE: that the use of "traffic optimization", which is running programs
to detect the available exploitable aspects in any given OS and/or
system, has increased, and is now the preferred method being used for
malicious activity distribution purposes.

Hello

To me it's just another fuzz story from a mainstream security magazine/blog,
that don't focus on a good prevention strategy.
All they care about is the scary headline and the same boring conclusion
about Firefox......

I really miss the word's "principle of least privilege" and "deny-all
policies" in the security debate today.

/Jesper

"MEB" skrev i meddelelsen
...

Excuse the cross post, however, Windows 9X [being left out of the
updating process] is just as vulnerable, if not more, than using
outdated applications in other OSs.

A basic explanation is found he
http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

I suggest following the linked materials, and further research into the
various methods being used.
NOTE: that the use of "traffic optimization", which is running programs
to detect the available exploitable aspects in any given OS and/or
system, has increased, and is now the preferred method being used for
malicious activity distribution purposes.

Hello

To me it's just another fuzz story from a mainstream security magazine/blog,
that don't focus on a good prevention strategy.
All they care about is the scary headline and the same boring conclusion
about Firefox......

I really miss the word's "principle of least privilege" and "deny-all
policies" in the security debate today.

/Jesper

From: "MEB"


| Excuse the cross post, however, Windows 9X [being left out of the
| updating process] is just as vulnerable, if not more, than using
| outdated applications in other OSs.

| A basic explanation is found he
| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

| I suggest following the linked materials, and further research into the
| various methods being used.
| NOTE: that the use of "traffic optimization", which is running programs
| to detect the available exploitable aspects in any given OS and/or
| system, has increased, and is now the preferred method being used for
| malicious activity distribution purposes.


Updates for Adobe Reader and Adobe Acrobat were posted Today.

Adobe Reader/Acrobat V9.1.3 and v8.2.1

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: "MEB"


| Excuse the cross post, however, Windows 9X [being left out of the
| updating process] is just as vulnerable, if not more, than using
| outdated applications in other OSs.

| A basic explanation is found he
| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

| I suggest following the linked materials, and further research into the
| various methods being used.
| NOTE: that the use of "traffic optimization", which is running programs
| to detect the available exploitable aspects in any given OS and/or
| system, has increased, and is now the preferred method being used for
| malicious activity distribution purposes.


Updates for Adobe Reader and Adobe Acrobat were posted Today.

Adobe Reader/Acrobat V9.1.3 and v8.2.1

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: "Jesper Ravn"

| Hello

| To me it's just another fuzz story from a mainstream security magazine/blog,
| that don't focus on a good prevention strategy.
| All they care about is the scary headline and the same boring conclusion
| about Firefox......

| I really miss the word's "principle of least privilege" and "deny-all
| policies" in the security debate today.

| /Jesper

Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen
NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code.

I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and
the threat is real.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: "Jesper Ravn"

| Hello

| To me it's just another fuzz story from a mainstream security magazine/blog,
| that don't focus on a good prevention strategy.
| All they care about is the scary headline and the same boring conclusion
| about Firefox......

| I really miss the word's "principle of least privilege" and "deny-all
| policies" in the security debate today.

| /Jesper

Exploitation of PDF vulnerabilities is a very REAL and present problem. I have seen
NUMEROUS malcious PDF files and I have seen numerous web sites using PDF exploit code.

I'll be hones, I did not readet the ZiffDavis blog but, I know what it is based upon and
the threat is real.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

"David H. Lipman" skrev i meddelelsen
...
From: "Jesper Ravn"

| Hello

| To me it's just another fuzz story from a mainstream security
magazine/blog,
| that don't focus on a good prevention strategy.
| All they care about is the scary headline and the same boring conclusion
| about Firefox......

| I really miss the word's "principle of least privilege" and "deny-all
| policies" in the security debate today.

| /Jesper

Exploitation of PDF vulnerabilities is a very REAL and present problem. I
have seen
NUMEROUS malcious PDF files and I have seen numerous web sites using PDF
exploit code.

I'll be hones, I did not readet the ZiffDavis blog but, I know what it is
based upon and
the threat is real.

Hi David

Yes I know its a real problem. But the basic prevention against "remote code
execution" is the same.
Secure your browser (disable/promt javascript - disable adobe plugins).

If that is not convenient for you, go with a one time setup like LUA/SRP (no
need for ongoing adjustment/tweaks)

Another approach could be an application like Anti-Executable from Faronics.
It a simple stand-alone applikation where the deny-all policy takes place.
For the average user it's an easy setup and go. No need to learn anything
about basic security :-).
To bad it's not freeware anymore.

/Jesper

"David H. Lipman" skrev i meddelelsen
...
From: "Jesper Ravn"

| Hello

| To me it's just another fuzz story from a mainstream security
magazine/blog,
| that don't focus on a good prevention strategy.
| All they care about is the scary headline and the same boring conclusion
| about Firefox......

| I really miss the word's "principle of least privilege" and "deny-all
| policies" in the security debate today.

| /Jesper

Exploitation of PDF vulnerabilities is a very REAL and present problem. I
have seen
NUMEROUS malcious PDF files and I have seen numerous web sites using PDF
exploit code.

I'll be hones, I did not readet the ZiffDavis blog but, I know what it is
based upon and
the threat is real.

Hi David

Yes I know its a real problem. But the basic prevention against "remote code
execution" is the same.
Secure your browser (disable/promt javascript - disable adobe plugins).

If that is not convenient for you, go with a one time setup like LUA/SRP (no
need for ongoing adjustment/tweaks)

Another approach could be an application like Anti-Executable from Faronics.
It a simple stand-alone applikation where the deny-all policy takes place.
For the average user it's an easy setup and go. No need to learn anything
about basic security :-).
To bad it's not freeware anymore.

/Jesper

On 02/16/2010 06:18 PM, David H. Lipman wrote:
From: "MEB"


| Excuse the cross post, however, Windows 9X [being left out of the
| updating process] is just as vulnerable, if not more, than using
| outdated applications in other OSs.

| A basic explanation is found he
| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

| I suggest following the linked materials, and further research into the
| various methods being used.
| NOTE: that the use of "traffic optimization", which is running programs
| to detect the available exploitable aspects in any given OS and/or
| system, has increased, and is now the preferred method being used for
| malicious activity distribution purposes.


Updates for Adobe Reader and Adobe Acrobat were posted Today.

Adobe Reader/Acrobat V9.1.3 and v8.2.1


Well, I would love to say that will take care of the PDF issues, but we
all know it won't. The allowance of internal coding, external linking,
and other now allowed within the PDF format is the problem. Were this a
world where people weren't trying "to make a buck" anyway they can, we
might be able to consider that these WILL solve the problems; but people
are what they are; money, desire for fame in some form, and all of those
not so acceptable human factors rule the day.
So how many of these SUPPOSED PDF vulnerabilities and fixes is that
now, 30, 40, 50, ??

The article and more importantly the linked materials also describes
other forms now being used beyond PDF, and that the methodology has
significantly changed to avoid detection with increased polymorphic
techniques, or even farther beyond the previous normal attack vectors
where single hack styles may have been involved, to the point of probing
the individuals system for ANY and ALL vulnerabilities once ANY entry
point is found and proofed.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---