Recent attacks that exploit an unpatched vulnerability in Adobe's near-ubiquitous Reader application bear the hallmarks of the people who breached Google and dozens of other large companies earlier this year, researchers from Symantec said. The booby-trapped PDF files are attached to emails that request interviews and offer …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 13th September 2010 20:14 GMT Anonymous Coward

Bloatware Exploit.

Anyone know if us Foxit users are at risk?

0 0
This post has been deleted by its author
1. Monday 13th September 2010 21:59 GMT Anonymous Coward
  
  Or even better
  
  ignore steps 1 through 5 and GET EDUCATED.
  
  Education is the BEST DEFENSE period.
  
  3 3
Monday 13th September 2010 20:15 GMT James O'Shea

questions

1 does this affect non-Adobe apps, such as FoxIt or Apple's Preview, which can read PDFs?

2 the current attack appears to be aimed at Windows (as usual). Is there any evidence of anyone doing anything similar to attack other platforms, or can those who don't use Windows simply ignore this whole matter?

1 0
1. Monday 13th September 2010 21:59 GMT Anonymous Coward
  
  "don't use Windows simply ignore this whole matter?"
  
  Do any ADULTS use WIndows ??
  
  2 3
2. Monday 13th September 2010 21:59 GMT Anonymous Coward
  
  Probably Not
  
  As far as I understand it, the issue is tightly coupled to a specific Adobe DLL, which they "forgot" to secure with Adress Space Randomization (one of those MS bandaids).
  
  So the problem is somewhere in that DLL and it can be easily exploited because they did not enable randomization.
  
  Do not use Adobe software. That's the best advice I can give you.
  
  Here is a list of Alternatives:
  
  http://en.wikipedia.org/wiki/List_of_PDF_software
  
  0 0
  1. Monday 13th September 2010 22:51 GMT Fozzyb
    
    Quick Check
    
    You're solution to a security issue is on Wikipediea?!
    
    0 0
    1. Tuesday 14th September 2010 09:24 GMT Anonymous Coward
      
      Yes, Indeed, On Wikipedia
      
      As someone above pointed out, EDUCATION is key to security. Wikipedia will provide you at least starting points for your Internet Driving License.
      
      People have to learn quite a few things before they fiddle with Computers. Things like:
      
      1.) Admin / root accounts are only used for maintenance and installation purposes
      
      2.) Install Software from Known Good Sources. (E.g. Skype from skype.com, firefox from Mozilla.org etc)
      
      3.) Don't install software which is not listed on trustworthy sources (like Wikipedia, heise.de, theregister, zdnet.com etc) as proper software.
      
      4.) Keep all internet-exposed software patched to latest patch level.
      
      5.) Understand what Virus Scanners do and what Privilege Restriction does. Appreciate that the first approach is totally retarded and won't defend you against targeted Zero-day exploits.
      
      6.) Understand Sandboxes and that they provide REAL security.
      
      Now that is just a short list, but I guess 90% of Computer users don't know of that neither do they have a motivation to know.
      
      Wikipedia is not presenting all conclusions on a silver plate, but if you have some intelligence and spend some time and money (as much as learning to drive a car, maybe ?) you are going to understand quite a few things from that. You could also take the time and meet people in a local computer club and ask them questions on the subject of PC security.
      
      http://en.wikipedia.org/wiki/Pc_security
      
      http://en.wikipedia.org/wiki/Sandbox_(computer_security)
      
      http://en.wikipedia.org/wiki/Root_user
      
      http://en.wikipedia.org/wiki/Virus_scanner
      
      http://en.wikipedia.org/wiki/Linux_Security_Modules
      
      http://en.wikipedia.org/wiki/Security-Enhanced_Linux
      
      http://en.wikipedia.org/wiki/AppArmor
      
      http://en.wikipedia.org/wiki/Google_chrome#Security
      
      http://en.wikipedia.org/wiki/Internet_explorer#Security
      
      http://en.wikipedia.org/wiki/Comparison_of_web_browsers#Vulnerabilities
      
      ==========================================
      
      For Computer Scientists and IT people:
      
      http://en.wikipedia.org/wiki/Buffer_overflow
      
      http://en.wikipedia.org/wiki/Cyclone_%28programming_language%29
      
      http://en.wikipedia.org/wiki/AuroraUX
      
      http://en.wikipedia.org/wiki/SPARK
      
      0 1
Monday 13th September 2010 21:59 GMT Jerome 0

I'm confused

Adobe are hacking Google by exploiting a bear's fingerprint?!

0 0
Monday 13th September 2010 22:51 GMT Keith T

And you wonder why our government tolerates such bug-filled software?

Doubtless this is not the only political and government hacking going on.

It is just the organization in question is still so primitive it doesn't have enough still to go undiscovered.

Western governments can do better.

1 0
1. Tuesday 14th September 2010 11:15 GMT Anonymous Coward
  
  In A Free World
  
  ..you are free to eat Burgers. Or wait 30 minutes and have a decent meal in a french restaurant.
  
  1 2
Tuesday 14th September 2010 20:25 GMT n3td3v

No proof of true origin of hackers

They might not be Chinese hackers let alone government sponsored, the whole thing is ridiculous.

0 0
1. Wednesday 15th September 2010 08:57 GMT Anonymous Coward
  
  Removing My Tinfoil hat
  
  ...and then thinking rationally I do think the Chinese are behind this kind of HACKINT (intelligence through hacking) attempts. Too many diverse people from Booz Allen Hamilton, Google to the odd virus scanner maker have stated this. BAH and Google could be CIA shills, but a coordinated smear campaign involving so many companies and countries all done by the retards from Virgina ? Don't think so.
  
  Virus-loaded PDFs are the typical "Chinese Approach".
  
  0 2