Unpatched PDF flaw harnessed to launch targeted attacks Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. Zero-day bugs in Adobe Reader and Acrobat have reportedly been exploited by hackers to attack vulnerable systems, in a series of limited (presumably) targeted attacks since 11 December. Adobe Reader and Acrobat 9.2 or below are …
JS needs to be reined in. Usability aside, almost every drive-by attack against modern browsers is the result of JS executing a third-party app / viewer. I might drop NoScript and just start browsing with JS disabled permenantly.
If only I could get 3D graphics working on Ubuntu on my rig...
Right now, the only manufacturer with decent 3d drivers for linux is NVidia. You should be golden with an NV card in there. If you're one of those poor unfortunates with a Radeon, you'll discover that their Linux drives are infinitely worse than their WIndows drivers, and you're best not bothering.
Well, it's smaller, faster and less intrusive- and doesn't install various dodgy "downloader" things on your machine (Adobe leave some with remote root holes lying about, btw- esp ActiveX ones).
I am sure it also has issues, but used wisely and kept up to date, it might be a good idea.
Also, WIndows users should consider Secunia PSI, which is free for personal use, and does a sterling job of nagging you into keeping your software up to date, when patches do actually arrive.
Think I came across it last night (and no, I wasn't surfing for pron) - put in a google search and clicked on of the links which tried to open a pdf. Reader then crashed trying to open said pdf.
Immediately ran a virus scan, but nothing was detected.
(This was with Firefox, not IE)
"The popularity of Adobe software has made it a favoured target for hacking attacks over recent months"
Bullshit, Adobe software is a favoured target for hackers because it's both crammed full of bugs and suffers from Adobe's retarded focus on bloating with daft insecure features.
Reminiscent of MS in the 90's, and the reasons are the same: EEE
Foxit was certainly a big improvement over Adobe Reader, but the free version has been getting less and less usable and I can't justify paying for a pdf reader...
Sumatra pdf does the job just fine for me - I hope it's more secure as it's offers very basic functionality.
Surely you just download the new Adobe Reader complete and install it. Doesn't that work?
As for FoxIt: yeah, it's probably popular enough itself to attract hackers - particularly if it has JavaScript itself, or an equivalent. Do you think that the little guys' products are more bullet-proof intrinsically than the big beasts? Check the version history of, say, Opera. One security update after another.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
