back to article Adobe exploit bears fingerprints of hack on Google

Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said. The booby-trapped PDF files are attached to emails that request interviews and offer …

COMMENTS

This topic is closed for new posts.
Bronze badge
FAIL

Bloatware Exploit.

Anyone know if us Foxit users are at risk?

0
0

This post has been deleted by its author

FAIL

Or even better

ignore steps 1 through 5 and GET EDUCATED.

Education is the BEST DEFENSE period.

3
3
Bronze badge

questions

1 does this affect non-Adobe apps, such as FoxIt or Apple's Preview, which can read PDFs?

2 the current attack appears to be aimed at Windows (as usual). Is there any evidence of anyone doing anything similar to attack other platforms, or can those who don't use Windows simply ignore this whole matter?

1
0
Anonymous Coward

"don't use Windows simply ignore this whole matter?"

Do any ADULTS use WIndows ??

2
3
Stop

Probably Not

As far as I understand it, the issue is tightly coupled to a specific Adobe DLL, which they "forgot" to secure with Adress Space Randomization (one of those MS bandaids).

So the problem is somewhere in that DLL and it can be easily exploited because they did not enable randomization.

Do not use Adobe software. That's the best advice I can give you.

Here is a list of Alternatives:

http://en.wikipedia.org/wiki/List_of_PDF_software

0
0
Coffee/keyboard

Quick Check

You're solution to a security issue is on Wikipediea?!

0
0
Megaphone

Yes, Indeed, On Wikipedia

As someone above pointed out, EDUCATION is key to security. Wikipedia will provide you at least starting points for your Internet Driving License.

People have to learn quite a few things before they fiddle with Computers. Things like:

1.) Admin / root accounts are only used for maintenance and installation purposes

2.) Install Software from Known Good Sources. (E.g. Skype from skype.com, firefox from Mozilla.org etc)

3.) Don't install software which is not listed on trustworthy sources (like Wikipedia, heise.de, theregister, zdnet.com etc) as proper software.

4.) Keep all internet-exposed software patched to latest patch level.

5.) Understand what Virus Scanners do and what Privilege Restriction does. Appreciate that the first approach is totally retarded and won't defend you against targeted Zero-day exploits.

6.) Understand Sandboxes and that they provide REAL security.

Now that is just a short list, but I guess 90% of Computer users don't know of that neither do they have a motivation to know.

Wikipedia is not presenting all conclusions on a silver plate, but if you have some intelligence and spend some time and money (as much as learning to drive a car, maybe ?) you are going to understand quite a few things from that. You could also take the time and meet people in a local computer club and ask them questions on the subject of PC security.

http://en.wikipedia.org/wiki/Pc_security

http://en.wikipedia.org/wiki/Sandbox_(computer_security)

http://en.wikipedia.org/wiki/Root_user

http://en.wikipedia.org/wiki/Virus_scanner

http://en.wikipedia.org/wiki/Linux_Security_Modules

http://en.wikipedia.org/wiki/Security-Enhanced_Linux

http://en.wikipedia.org/wiki/AppArmor

http://en.wikipedia.org/wiki/Google_chrome#Security

http://en.wikipedia.org/wiki/Internet_explorer#Security

http://en.wikipedia.org/wiki/Comparison_of_web_browsers#Vulnerabilities

==========================================

For Computer Scientists and IT people:

http://en.wikipedia.org/wiki/Buffer_overflow

http://en.wikipedia.org/wiki/Cyclone_%28programming_language%29

http://en.wikipedia.org/wiki/AuroraUX

http://en.wikipedia.org/wiki/SPARK

0
1
WTF?

I'm confused

Adobe are hacking Google by exploiting a bear's fingerprint?!

0
0
Megaphone

And you wonder why our government tolerates such bug-filled software?

Doubtless this is not the only political and government hacking going on.

It is just the organization in question is still so primitive it doesn't have enough still to go undiscovered.

Western governments can do better.

1
0
Megaphone

In A Free World

..you are free to eat Burgers. Or wait 30 minutes and have a decent meal in a french restaurant.

1
2
FAIL

No proof of true origin of hackers

They might not be Chinese hackers let alone government sponsored, the whole thing is ridiculous.

0
0
Stop

Removing My Tinfoil hat

...and then thinking rationally I do think the Chinese are behind this kind of HACKINT (intelligence through hacking) attempts. Too many diverse people from Booz Allen Hamilton, Google to the odd virus scanner maker have stated this. BAH and Google could be CIA shills, but a coordinated smear campaign involving so many companies and countries all done by the retards from Virgina ? Don't think so.

Virus-loaded PDFs are the typical "Chinese Approach".

0
2
This topic is closed for new posts.

Forums