Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said. The booby-trapped PDF files are attached to emails that request interviews and offer …
Anyone know if us Foxit users are at risk?
Or even better
ignore steps 1 through 5 and GET EDUCATED.
Education is the BEST DEFENSE period.
1 does this affect non-Adobe apps, such as FoxIt or Apple's Preview, which can read PDFs?
2 the current attack appears to be aimed at Windows (as usual). Is there any evidence of anyone doing anything similar to attack other platforms, or can those who don't use Windows simply ignore this whole matter?
"don't use Windows simply ignore this whole matter?"
Do any ADULTS use WIndows ??
As far as I understand it, the issue is tightly coupled to a specific Adobe DLL, which they "forgot" to secure with Adress Space Randomization (one of those MS bandaids).
So the problem is somewhere in that DLL and it can be easily exploited because they did not enable randomization.
Do not use Adobe software. That's the best advice I can give you.
Here is a list of Alternatives:
You're solution to a security issue is on Wikipediea?!
Yes, Indeed, On Wikipedia
As someone above pointed out, EDUCATION is key to security. Wikipedia will provide you at least starting points for your Internet Driving License.
People have to learn quite a few things before they fiddle with Computers. Things like:
1.) Admin / root accounts are only used for maintenance and installation purposes
2.) Install Software from Known Good Sources. (E.g. Skype from skype.com, firefox from Mozilla.org etc)
3.) Don't install software which is not listed on trustworthy sources (like Wikipedia, heise.de, theregister, zdnet.com etc) as proper software.
4.) Keep all internet-exposed software patched to latest patch level.
5.) Understand what Virus Scanners do and what Privilege Restriction does. Appreciate that the first approach is totally retarded and won't defend you against targeted Zero-day exploits.
6.) Understand Sandboxes and that they provide REAL security.
Now that is just a short list, but I guess 90% of Computer users don't know of that neither do they have a motivation to know.
Wikipedia is not presenting all conclusions on a silver plate, but if you have some intelligence and spend some time and money (as much as learning to drive a car, maybe ?) you are going to understand quite a few things from that. You could also take the time and meet people in a local computer club and ask them questions on the subject of PC security.
For Computer Scientists and IT people:
Adobe are hacking Google by exploiting a bear's fingerprint?!
And you wonder why our government tolerates such bug-filled software?
Doubtless this is not the only political and government hacking going on.
It is just the organization in question is still so primitive it doesn't have enough still to go undiscovered.
Western governments can do better.
In A Free World
..you are free to eat Burgers. Or wait 30 minutes and have a decent meal in a french restaurant.
No proof of true origin of hackers
They might not be Chinese hackers let alone government sponsored, the whole thing is ridiculous.
Removing My Tinfoil hat
...and then thinking rationally I do think the Chinese are behind this kind of HACKINT (intelligence through hacking) attempts. Too many diverse people from Booz Allen Hamilton, Google to the odd virus scanner maker have stated this. BAH and Google could be CIA shills, but a coordinated smear campaign involving so many companies and countries all done by the retards from Virgina ? Don't think so.
Virus-loaded PDFs are the typical "Chinese Approach".