A Windows 98 & ME forum. Win98banter


PDF exploits shown in this comparison as exceeding Flash based



 
 
  #11  
Old February 17th 10, 04:11 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default PDF exploits shown in this comparison as exceeding Flash based

On 02/16/2010 06:18 PM, David H. Lipman wrote:
> From: "MEB"
>
> | Excuse the cross post, however, Windows 9X [being left out of the
> | updating process] is just as vulnerable, if not more, than using
> | outdated applications in other OSs.
>
> | A basic explanation is found here:
> | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>
> | I suggest following the linked materials, and further research into the
> | various methods being used.
> | NOTE: that the use of "traffic optimization", which is running programs
> | to detect the available exploitable aspects in any given OS and/or
> | system, has increased, and is now the preferred method being used for
> | malicious activity distribution purposes.
>
> Updates for Adobe Reader and Adobe Acrobat were posted Today.
>
> Adobe Reader/Acrobat V9.1.3 and v8.2.1

Well, I would love to say that will take care of the PDF issues, but we
all know it won't. The allowance of internal coding, external linking,
and other now allowed within the PDF format is the problem. Were this a
world where people weren't trying "to make a buck" any way they can, we
might be able to consider that these WILL solve the problems; but people
are what they are; money, desire for fame in some form, and all of those
not so acceptable human factors rule the day.
So how many of these SUPPOSED PDF vulnerabilities and fixes is that
now, 30, 40, 50, ??

The article and more importantly the linked materials also describe
other forms now being used beyond PDF, and that the methodology has
significantly changed to avoid detection with increased polymorphic
techniques, or even farther beyond the previous normal attack vectors
where single hack styles may have been involved, to the point of probing
the individual's system for ANY and ALL vulnerabilities once ANY entry
point is found and proofed.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
  #12  
Old February 17th 10, 05:00 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default PDF exploits shown in this comparison as exceeding Flash based

On 02/16/2010 05:47 PM, Jesper Ravn wrote:
> "MEB" wrote in message
> ...
>
>> Excuse the cross post, however, Windows 9X [being left out of the
>> updating process] is just as vulnerable, if not more, than using
>> outdated applications in other OSs.
>>
>> A basic explanation is found here:
>> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>>
>> I suggest following the linked materials, and further research into the
>> various methods being used.
>> NOTE: that the use of "traffic optimization", which is running programs
>> to detect the available exploitable aspects in any given OS and/or
>> system, has increased, and is now the preferred method being used for
>> malicious activity distribution purposes.
>
> Hello
>
> To me it's just another fuzz story from a mainstream security
> magazine/blog, that doesn't focus on a good prevention strategy.
> All they care about is the scary headline and the same boring conclusion
> about Firefox......

Ah, huh, Firefox?? oh when they mention NoScript plugin?

Boring? When banks and accounts are being drained; when ID theft and
other credit theft is running rampant; when even the most secured sites
and devices are regularly taken out/down... okay maybe that is boring to
you. Maybe if a little blood and gore was involved...
If it is so boring why are you monitoring the group?

Better still, why don't you outline a prevention strategy which you
think will protect the users and post it here. Perhaps we can then
critique the techniques and work up something that might be truly
helpful. And I'm not trying to put you "on the spot", but it is a
serious discussion sorely needed.

> I really miss the words "principle of least privilege" and "deny-all
> policies" in the security debate today.
>
> /Jesper


--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
  #14  
Old February 18th 10, 08:35 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
J. P. Gilliver (John)
External Usenet User
 
Posts: 1,554
Default PDF exploits shown in this comparison as exceeding Flash based

In message , David H. Lipman
writes:
> From: "MEB"
>
> | Excuse the cross post, however, Windows 9X [being left out of the
> | updating process] is just as vulnerable, if not more, than using
> | outdated applications in other OSs.
>
> | A basic explanation is found here:
> | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>
> | I suggest following the linked materials, and further research into the
> | various methods being used.
> | NOTE: that the use of "traffic optimization", which is running programs
> | to detect the available exploitable aspects in any given OS and/or
> | system, has increased, and is now the preferred method being used for
> | malicious activity distribution purposes.
>
> Updates for Adobe Reader and Adobe Acrobat were posted Today.
>
> Adobe Reader/Acrobat V9.1.3 and v8.2.1

Do these exploits affect Foxit (either current versions or the last one
that works with '98), rather than Adobe?
--
J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Give me patience. RIGHT NOW.
  #16  
Old February 18th 10, 11:22 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
David H. Lipman
External Usenet User
 
Posts: 365
Default PDF exploits shown in this comparison as exceeding Flash based

From: "J. P. Gilliver (John)"

| In message , David H. Lipman
| writes:
| > From: "MEB"
| >
| > | Excuse the cross post, however, Windows 9X [being left out of the
| > | updating process] is just as vulnerable, if not more, than using
| > | outdated applications in other OSs.
| >
| > | A basic explanation is found here:
| > | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
| >
| > | I suggest following the linked materials, and further research into the
| > | various methods being used.
| > | NOTE: that the use of "traffic optimization", which is running programs
| > | to detect the available exploitable aspects in any given OS and/or
| > | system, has increased, and is now the preferred method being used for
| > | malicious activity distribution purposes.
| >
| > Updates for Adobe Reader and Adobe Acrobat were posted Today.
| >
| > Adobe Reader/Acrobat V9.1.3 and v8.2.1
|
| Do these exploits affect Foxit (either current versions or the last one
| that works with '98), rather than Adobe?


The latest ones ? No.

Previous one or two, yes.

What version of FoxIt Reader are you using ?


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


  #18  
Old February 18th 10, 01:20 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
98 Guy
External Usenet User
 
Posts: 2,951
Default PDF exploits shown in this comparison as exceeding Flash based

"J. P. Gilliver (John)" wrote:

> Do these exploits affect Foxit (either current versions or the last
> one that works with '98), rather than Adobe?


I continue to NOT see credible evidence that PDF exploits discovered
during and since 2007 are applicable or compatible with Acrobat 6.x.
I've tried many of the published pdf POC during the past year or two and
have seen no evidence that they function correctly when exposed to
Acrobat 6.x running on Win-98se.
  #20  
Old February 18th 10, 03:24 PM posted to microsoft.public.win98.gen_discussion,microsoft.public.security.homeusers
MEB[_17_]
External Usenet User
 
Posts: 1,830
Default PDF exploits shown in this comparison as exceeding Flash based


On 02/18/2010 08:20 AM, 98 Guy wrote:
> "J. P. Gilliver (John)" wrote:
>
>> Do these exploits affect Foxit (either current versions or the last
>> one that works with '98), rather than Adobe?
>
> I continue to NOT see credible evidence that PDF exploits discovered
> during and since 2007 are applicable or compatible with Acrobat 6.x.
> I've tried many of the published pdf POC during the past year or two and
> have seen no evidence that they function correctly when exposed to
> Acrobat 6.x running on Win-98se.


As I have explained AND directed you to before:
You are using the "published" *example* code or the specifically coded
NT exploit to make this bold statement.

This in no way indicates that these exploitable aspects can not work or
be leveraged in Adobe Reader 6 or any earlier versions in the Win9X or
other OSs which support the inclusion of code, internal or external
linking, prefetch activities, and/or the other factors which apply when
addressing these issues.

The *hack packs* being distributed and methodology now being employed
look/probe for ANY vulnerability within any given system; meaning IF
there is an exploitable flaw/vulnerability during the contact, the
likelihood is it will be discovered. The PDF format is filled with
addressable flaws/vulnerabilities due to all the functions/inclusions
allowed within it; and these are merely the entry point.

To presume that the PDF format and Reader 6 is not being leveraged is
unintelligent and fails to give credit or consideration to the known
activities hackers now employ. As Win9X needs no services crash or
memory corruption to effectuate elevation of privileges or "root" access
as in the NTs, it is far more sensible to presume that not only the
known existing Reader 6 vulnerabilities are being used, but that new
forms are being discovered and used, particularly when taken with
consideration of the polymorphic activities and *per system* hacker
activity being employed.

On the other hand, Adobe Reader 6 does NOT allow many of the extended
activities that 7 and above do, so there are limits and some of these
specific vulnerabilities may not exist; though again, that in *no way*
means that the known or new and unpublished vulnerabilities/exploits are
not still being used/leveraged against Reader 6 [or being modified to avoid
detection], or which applied in Win9X, or within the other OSs.

A perfect example would be the recent activity regarding the rootkit
causing BSoDs and the Microsoft updates, where within hours of the
release of the patches, the rootkit was modified and distributed to NOT
cause the BSoD, thereby allowing the patches WITHOUT the rootkit being
discovered due to the BSoD.

BSOD after MS10-015? TDL3 authors "apologize" - Feb. 16 2010
http://www.prevx.com/blog/143/BSOD-a...apologize.html

To assume that Win9X hacks or applicable to the applications used
within it are not also being modified is ludicrous. In the hacker world
Win9X hacks are "kiddie hacks" meaning what hackers once cut their teeth
on, being so easy to accomplish. Moreover, one should NOT overlook the
main issues the NT patch was addressing [the kernel patch], which
addressed the 16bit coding support and DOS base access, both of which
are inherent in Win9X. There should be a "duuuuhhhh" moment, the "light
turning on" here...

So to put it bluntly: your "have not seen credible" means zip. nada. It
happens to be what you DON'T see that is being used to hack the millions
of computers. And the above "you" includes the supposed protections like
AV which are being bypassed by the present exploits and malware.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
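
Added example, not part of any post in this thread and not any poster's code: a small Python triage in the spirit of the "deny-all" policy raised above, counting the PDF name tokens for embedded code, auto-run actions and external links that the thread identifies as the format's exposure. The watch-list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed watch-list for this example: PDF names that enable active
# content or outbound links. Extend to suit local policy.
WATCHED = {
    "JS": "embedded JavaScript",
    "JavaScript": "embedded JavaScript",
    "OpenAction": "action run when the document opens",
    "AA": "event-triggered actions",
    "Launch": "starts an external program or file",
    "URI": "external link",
    "EmbeddedFile": "file attached inside the PDF",
}

# A PDF name is "/" plus regular characters; "#xx" inside it is a hex escape.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as JavaScript."""
    plain = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage(pdf_bytes: bytes) -> dict:
    """Count watched names in the raw bytes. Names inside compressed
    object streams are not visible here and need a real PDF parser."""
    counts = {}
    for match in NAME_RE.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in WATCHED:
            counts[name] = counts.get(name, 0) + 1
    return counts


def verdict(counts: dict) -> str:
    """Deny-all policy: any watched feature keeps the file out of the reader."""
    return "block" if counts else "allow"


# Constructed samples: harmless fragments, not complete PDF files.
SAMPLE_ACTIVE = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert(1)) >>\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, data in (("active", SAMPLE_ACTIVE), ("plain", SAMPLE_PLAIN)):
        found = triage(data)
        print(label, verdict(found), found)
```

A "block" result only says the file asks for features a plain document does not need; it is a gate for deciding what gets opened in a full-featured reader, not a malware verdict.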
 



