#11
PDF exploits shown in this comparison as exceeding Flash based
On 02/16/2010 06:18 PM, David H. Lipman wrote:
> From: "MEB"
>
> | Excuse the cross post, however, Windows 9X [being left out of the
> | updating process] is just as vulnerable, if not more, than using
> | outdated applications in other OSs.
> | A basic explanation is found here:
> | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
> | I suggest following the linked materials, and further research into the
> | various methods being used.
> | NOTE: that the use of "traffic optimization", which is running programs
> | to detect the available exploitable aspects in any given OS and/or
> | system, has increased, and is now the preferred method being used for
> | malicious activity distribution purposes.
>
> Updates for Adobe Reader and Adobe Acrobat were posted Today.
>
> Adobe Reader/Acrobat V9.1.3 and v8.2.1

Well, I would love to say that will take care of the PDF issues, but we all know it won't. The allowance of internal coding, external linking, and other now allowed within the PDF format is the problem.

Were this a world where people weren't trying "to make a buck" any way they can, we might be able to consider that these WILL solve the problems; but people are what they are; money, desire for fame in some form, and all of those not so acceptable human factors rule the day.

So how many of these SUPPOSED PDF vulnerabilities and fixes is that now, 30, 40, 50, ??

The article and more importantly the linked materials also describe other forms now being used beyond PDF, and that the methodology has significantly changed to avoid detection with increased polymorphic techniques, or even farther beyond the previous normal attack vectors where single hack styles may have been involved, to the point of probing the individual's system for ANY and ALL vulnerabilities once ANY entry point is found and proofed.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#12
On 02/16/2010 05:47 PM, Jesper Ravn wrote:
> "MEB" wrote in message ...
>> Excuse the cross post, however, Windows 9X [being left out of the
>> updating process] is just as vulnerable, if not more, than using
>> outdated applications in other OSs.
>> A basic explanation is found here:
>> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>> I suggest following the linked materials, and further research into the
>> various methods being used.
>> NOTE: that the use of "traffic optimization", which is running programs
>> to detect the available exploitable aspects in any given OS and/or
>> system, has increased, and is now the preferred method being used for
>> malicious activity distribution purposes.
>
> Hello
>
> To me it's just another fuzz story from a mainstream security
> magazine/blog, that doesn't focus on a good prevention strategy.
> All they care about is the scary headline and the same boring conclusion
> about Firefox......

Ah, huh, Firefox?? oh when they mention No Script plugin?

Boring? When banks and accounts are being drained; when ID theft and other credit theft is running rampant; when even the most secured sites and devices are regularly taken out/down... okay maybe that is boring to you. Maybe if a little blood and gore was involved...

If it is so boring why are you monitoring the group?

Better still, why don't you outline a prevention strategy which you think will protect the users and post it here. Perhaps we can then critique the techniques and work up something that might be truly helpful. And I'm not trying to put you "on the spot", but it is a serious discussion sorely needed.

> I really miss the words "principle of least privilege" and "deny-all
> policies" in the security debate today.
>
> /Jesper

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#14
In message , David H. Lipman writes:
> From: "MEB"
>
> | Excuse the cross post, however, Windows 9X [being left out of the
> | updating process] is just as vulnerable, if not more, than using
> | outdated applications in other OSs.
> | A basic explanation is found here:
> | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
> | I suggest following the linked materials, and further research into the
> | various methods being used.
> | NOTE: that the use of "traffic optimization", which is running programs
> | to detect the available exploitable aspects in any given OS and/or
> | system, has increased, and is now the preferred method being used for
> | malicious activity distribution purposes.
>
> Updates for Adobe Reader and Adobe Acrobat were posted Today.
>
> Adobe Reader/Acrobat V9.1.3 and v8.2.1

Do these exploits affect Foxit (either current versions or the last one that works with '98), rather than Adobe?

--
J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Give me patience. RIGHT NOW.
#16
From: "J. P. Gilliver (John)"

| In message , David H. Lipman writes:
| > From: "MEB"
| >
| > | Excuse the cross post, however, Windows 9X [being left out of the
| > | updating process] is just as vulnerable, if not more, than using
| > | outdated applications in other OSs.
| > | A basic explanation is found here:
| > | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
| > | I suggest following the linked materials, and further research into the
| > | various methods being used.
| > | NOTE: that the use of "traffic optimization", which is running programs
| > | to detect the available exploitable aspects in any given OS and/or
| > | system, has increased, and is now the preferred method being used for
| > | malicious activity distribution purposes.
| >
| > Updates for Adobe Reader and Adobe Acrobat were posted Today.
| >
| > Adobe Reader/Acrobat V9.1.3 and v8.2.1
|
| Do these exploits affect Foxit (either current versions or the last one
| that works with '98), rather than Adobe?

The latest ones ? No. Previous one or two, yes.

What version of FoxIt Reader are you using ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#18
"J. P. Gilliver (John)" wrote:
> Do these exploits affect Foxit (either current versions or the last
> one that works with '98), rather than Adobe?

I continue to NOT see credible evidence that PDF exploits discovered during and since 2007 are applicable or compatible with Acrobat 6.x.

I've tried many of the published pdf POC during the past year or two and have seen no evidence that they function correctly when exposed to Acrobat 6.x running on Win-98se.
#20
On 02/18/2010 08:20 AM, 98 Guy wrote:
> "J. P. Gilliver (John)" wrote:
>> Do these exploits affect Foxit (either current versions or the last
>> one that works with '98), rather than Adobe?
>
> I continue to NOT see credible evidence that PDF exploits discovered
> during and since 2007 are applicable or compatible with Acrobat 6.x.
>
> I've tried many of the published pdf POC during the past year or two and
> have seen no evidence that they function correctly when exposed to
> Acrobat 6.x running on Win-98se.

As I have explained AND directed you to before:

You are using the "published" *example* code or the specifically coded NT exploit to make this bold statement. This in no way indicates that these exploitable aspects can not work or be leveraged in Adobe Reader 6 or any earlier versions in the Win9X or other OSs which support the inclusion of code, internal or external linking, prefetch activities, and/or the other factors which apply when addressing these issues.

The *hack packs* being distributed and methodology now being employed look/probe for ANY vulnerability within any given system; meaning IF there is an exploitable flaw/vulnerability during the contact, the likelihood is it will be discovered. The PDF format is filled with addressable flaws/vulnerabilities due to all the functions/inclusions allowed within it; and these are merely the entry point.

To presume that the PDF format and Reader 6 is not being leveraged is unintelligent and fails to give credit or consideration to the known activities hackers now employ. As Win9X needs no services crash or memory corruption to effectuate elevation of privileges or "root" access as in the NTs, it is far more sensible to presume that not only the known existing Reader 6 vulnerabilities are being used, but that new forms are being discovered and used, particularly when taken with consideration of the polymorphic activities and *per system* hacker activity being employed.

On the other hand, Adobe Reader 6 does NOT allow many of the extended activities that 7 and above do, so there are limits and some of these specific vulnerabilities may not exist; though again, that in *no way* means that the known or new and unpublished vulnerabilities/exploits are not still being used/leveraged against Reader 6 [or being modified to avoid detection], or which applied in Win9X, or within the other OSs.

A perfect example would be the recent activity regarding the rootkit causing BSoDs and the Microsoft updates, where within hours of the release of the patches, the rootkit was modified and distributed to NOT cause the BSoD, thereby allowing the patches WITHOUT the rootkit being discovered due to the BSoD.

BSOD after MS10-015? TDL3 authors "apologize" - Feb. 16 2010
http://www.prevx.com/blog/143/BSOD-a...apologize.html

To assume that Win9X hacks or applicable to the applications used within it are not also being modified is ludicrous. In the hacker world Win9X hacks are "kiddie hacks" meaning what hackers once cut their teeth on, being so easy to accomplish.

Moreover, one should NOT overlook the main issues the NT patch was addressing [the kernel patch], which addressed the 16bit coding support and DOS base access, both of which are inherent in Win9X. There should be a "duuuuhhhh" moment, the "light turning on" here...

So to put it bluntly: your "have not seen credible" means zip. nada. It happens to be what you DON'T see that is being used to hack the millions of computers.

And the above "you" includes the supposed protections like AV which are being bypassed by the present exploits and malware.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
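The thread keeps returning to the PDF features that allow embedded code, automatic actions and external links. As an added example (not written by any poster in this thread), here is a small Python triage scan that counts the PDF name objects marking those features in a file's raw bytes; the set of names flagged and the sample bytes are this example's own assumptions.

```python
import re

# PDF name objects that mark embedded code, automatic actions or external
# links (names from the PDF specification; which to flag is this example's choice).
ACTIVE_NAMES = {
    "JavaScript": "embedded script",
    "JS": "embedded script",
    "OpenAction": "action run when the document opens",
    "AA": "additional automatic actions",
    "Launch": "launches an external program or file",
    "URI": "external link",
    "GoToR": "jump to a remote file",
    "SubmitForm": "sends form data to a URL",
    "EmbeddedFile": "attached file",
}

# A name is "/" followed by regular characters; whitespace or a delimiter ends it.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is recognised as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count active-content names; 'obfuscated' counts hex-escaped spellings."""
    counts = {}
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in ACTIVE_NAMES:
            entry = counts.setdefault(name, {"count": 0, "obfuscated": 0})
            entry["count"] += 1
            if raw != name.encode("latin-1"):
                entry["obfuscated"] += 1
    return counts


# Constructed sample bytes, not a real document.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert(1);) >> endobj\n"
    b"5 0 obj << /S /URI /URI (http://example.invalid/) >> endobj\n"
)

if __name__ == "__main__":
    for name, hit in scan_pdf(SAMPLE).items():
        print(f"/{name}: {hit['count']} ({ACTIVE_NAMES[name]}), escaped: {hit['obfuscated']}")
```

The scan reads only uncompressed bytes, so names stored inside compressed object streams are not seen and a result with no hits does not show a file is free of active content.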