PDF exploits shown in this comparison as exceeding Flash based

 Excuse the cross post, however, Windows 9X [being left out of the
updating process] is just as vulnerable, if not more, than using
outdated applications in other OSs.

 A basic explanation is found here:
http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

 I suggest following the linked materials, and further research into the
various methods being used.
 NOTE: that the use of "traffic optimization", which is running programs
to detect the available exploitable aspects in any given OS and/or
system, has increased, and is now the preferred method being used for
malicious activity distribution purposes.

-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/16/2010 6:37:24 PM
win98.gen_discussion

"MEB" <MEB-not-here@hotmail.com> wrote in message 
news:#$r#VczrKHA.732@TK2MSFTNGP06.phx.gbl...
>
> Excuse the cross post, however, Windows 9X [being left out of the
> updating process] is just as vulnerable, if not more, than using
> outdated applications in other OSs.
>
> A basic explanation is found here:
> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>
> I suggest following the linked materials, and further research into the
> various methods being used.
> NOTE: that the use of "traffic optimization", which is running programs
> to detect the available exploitable aspects in any given OS and/or
> system, has increased, and is now the preferred method being used for
> malicious activity distribution purposes.

Hello

To me it's just another fuzz story from a mainstream security magazine/blog, 
that doesn't focus on a good prevention strategy.
All they care about is the scary headline and the same boring conclusion 
about Firefox......

I really miss the words "principle of least privilege" and "deny-all 
policies" in the security debate today.

/Jesper 

0
Jesper
2/16/2010 10:47:24 PM
From: "MEB" <MEB-not-here@hotmail.com>


|  Excuse the cross post, however, Windows 9X [being left out of the
| updating process] is just as vulnerable, if not more, than using
| outdated applications in other OSs.

|  A basic explanation is found here:
| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

|  I suggest following the linked materials, and further research into the
| various methods being used.
|  NOTE: that the use of "traffic optimization", which is running programs
| to detect the available exploitable aspects in any given OS and/or
| system, has increased, and is now the preferred method being used for
| malicious activity distribution purposes.


Updates for Adobe Reader and Adobe Acrobat were posted Today.

Adobe Reader/Acrobat V9.1.3 and v8.2.1

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/16/2010 11:18:59 PM
From: "Jesper Ravn" <jesper_ravn@hotmail.com>

| Hello

| To me it's just another fuzz story from a mainstream security magazine/blog,
| that doesn't focus on a good prevention strategy.
| All they care about is the scary headline and the same boring conclusion
| about Firefox......

| I really miss the words "principle of least privilege" and "deny-all
| policies" in the security debate today.

| /Jesper

Exploitation of PDF vulnerabilities is a very REAL and present problem.  I have seen 
NUMEROUS malicious PDF files and I have seen numerous web sites using PDF exploit code.

I'll be honest, I did not read the ZiffDavis blog, but I know what it is based upon and 
the threat is real.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/16/2010 11:21:26 PM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message 
news:eq47F71rKHA.3944@TK2MSFTNGP06.phx.gbl...
> From: "Jesper Ravn" <jesper_ravn@hotmail.com>
>
> | Hello
>
> | To me it's just another fuzz story from a mainstream security magazine/blog,
> | that doesn't focus on a good prevention strategy.
> | All they care about is the scary headline and the same boring conclusion
> | about Firefox......
>
> | I really miss the words "principle of least privilege" and "deny-all
> | policies" in the security debate today.
>
> | /Jesper
>
> Exploitation of PDF vulnerabilities is a very REAL and present problem.  I have seen
> NUMEROUS malicious PDF files and I have seen numerous web sites using PDF exploit code.
>
> I'll be honest, I did not read the ZiffDavis blog, but I know what it is based upon and
> the threat is real.

Hi David

Yes I know it's a real problem. But the basic prevention against "remote code 
execution" is the same.
Secure your browser (disable/prompt javascript - disable adobe plugins).

If that is not convenient for you, go with a one time setup like LUA/SRP (no 
need for ongoing adjustment/tweaks)

Another approach could be an application like Anti-Executable from Faronics.
It's a simple stand-alone application where the deny-all policy takes place.
For the average user it's an easy setup and go. No need to learn anything 
about basic security :-).
Too bad it's not freeware anymore.

/Jesper

 

0
Jesper
2/17/2010 12:23:25 AM
On 02/16/2010 06:18 PM, David H. Lipman wrote:
> From: "MEB" <MEB-not-here@hotmail.com>
> 
> 
> |  Excuse the cross post, however, Windows 9X [being left out of the
> | updating process] is just as vulnerable, if not more, than using
> | outdated applications in other OSs.
> 
> |  A basic explanation is found here:
> | http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
> 
> |  I suggest following the linked materials, and further research into the
> | various methods being used.
> |  NOTE: that the use of "traffic optimization", which is running programs
> | to detect the available exploitable aspects in any given OS and/or
> | system, has increased, and is now the preferred method being used for
> | malicious activity distribution purposes.
> 
> 
> Updates for Adobe Reader and Adobe Acrobat were posted Today.
> 
> Adobe Reader/Acrobat V9.1.3 and v8.2.1
> 

 Well, I would love to say that will take care of the PDF issues, but we
all know it won't. The allowance of internal coding, external linking,
and other now allowed within the PDF format is the problem. Were this a
world where people weren't trying "to make a buck" any way they can, we
might be able to consider that these WILL solve the problems; but people
are what they are; money, desire for fame in some form, and all of those
not so acceptable human factors rule the day.
 So how many of these SUPPOSED PDF vulnerabilities and fixes is that
now, 30, 40, 50, ??

 The article and more importantly the linked materials also describe
other forms now being used beyond PDF, and that the methodology has
significantly changed to avoid detection with increased polymorphic
techniques, or even farther beyond the previous normal attack vectors
where single hack styles may have been involved, to the point of probing
the individual's system for ANY and ALL vulnerabilities once ANY entry
point is found and proofed.

-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/17/2010 4:11:15 AM
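
Added example, not part of any post in this thread: the embedded code and external linking that the post above objects to show up in a PDF as name tokens such as /JavaScript, /OpenAction, /Launch and /URI, so a file can be triaged for them before it is opened in a reader. The `scan_pdf` helper and both sample documents are constructed for illustration; the scan reads raw bytes only and does not look inside compressed streams.

```python
import re
from collections import Counter

# PDF name tokens that introduce active content or external references.
ACTIVE_NAMES = {
    "JS": "embedded JavaScript",
    "JavaScript": "embedded JavaScript",
    "OpenAction": "action run when the document opens",
    "AA": "additional (event-triggered) actions",
    "Launch": "starts an external program or file",
    "URI": "external link",
    "GoToR": "jump to a remote file",
    "SubmitForm": "sends form data to a URL",
    "EmbeddedFile": "attached file",
    "ObjStm": "object stream (contents hidden from this scan)",
}

# Names that justify opening the file only in a locked-down viewer.
REVIEW_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "Launch"}

# A PDF name is '/' followed by any run of non-delimiter, non-whitespace bytes.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# Inside a name, '#xx' is a hex-escaped byte; /J#61vaScript is /JavaScript.
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so escaped spellings compare equal to plain ones."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes and flag escaped spellings."""
    counts = Counter()
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in ACTIVE_NAMES:
            counts[name] += 1
            if b"#" in raw:
                # A reader treats the escaped form identically; a naive
                # string search for "/JavaScript" would miss it.
                obfuscated.add(name)
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "counts": dict(counts),
        "obfuscated": sorted(obfuscated),
        "needs_review": bool(obfuscated) or any(n in counts for n in REVIEW_NAMES),
    }


# Constructed sample: a page with one ordinary hyperlink annotation.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://example.invalid/doc) >> >>\nendobj\n"
    b"%%EOF\n"
)

# Constructed sample: a script action wired to document open, with the
# /JavaScript name written using a hex escape. The script body is a no-op.
SAMPLE_ACTIVE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /S /J#61vaScript /JS (void 0;) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("active", SAMPLE_ACTIVE)):
        result = scan_pdf(blob)
        print(label, result)
        for name in result["counts"]:
            print("   ", name, "-", ACTIVE_NAMES[name])
```

A clean result is not proof of a safe file: names inside compressed object streams are invisible to a byte scan, which is why /ObjStm is counted, and names that occur inside string literals can produce false positives.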
On 02/16/2010 05:47 PM, Jesper Ravn wrote:
> "MEB" <MEB-not-here@hotmail.com> wrote in message
> news:#$r#VczrKHA.732@TK2MSFTNGP06.phx.gbl...
>>
>> Excuse the cross post, however, Windows 9X [being left out of the
>> updating process] is just as vulnerable, if not more, than using
>> outdated applications in other OSs.
>>
>> A basic explanation is found here:
>> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>>
>> I suggest following the linked materials, and further research into the
>> various methods being used.
>> NOTE: that the use of "traffic optimization", which is running programs
>> to detect the available exploitable aspects in any given OS and/or
>> system, has increased, and is now the preferred method being used for
>> malicious activity distribution purposes.
> 
> Hello
> 
> To me it's just another fuzz story from a mainstream security
> magazine/blog, that doesn't focus on a good prevention strategy.
> All they care about is the scary headline and the same boring conclusion
> about Firefox......

 Ah, huh, Firefox?? oh when they mention No Script plugin?

 Boring? When banks and accounts are being drained; when ID theft and
other credit theft is running rampant; when even the most secured sites
and devices are regularly taken out/down... okay maybe that is boring to
you. Maybe if a little blood and gore was involved...
 If it is so boring why are you monitoring the group?

 Better still, why don't you outline a prevention strategy which you
think will protect the users and post it here. Perhaps we can then
critique the techniques and work up something that might be truly
helpful. And I'm not trying to put you "on the spot", but it is a
serious discussion sorely needed.

> 
> I really miss the words "principle of least privilege" and "deny-all
> policies" in the security debate today.
> 
> /Jesper


-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/17/2010 5:00:53 AM
In message <OXf3u51rKHA.1796@TK2MSFTNGP02.phx.gbl>, David H. Lipman 
<DLipman~nospam~@Verizon.Net> writes:
>From: "MEB" <MEB-not-here@hotmail.com>
>
>
>|  Excuse the cross post, however, Windows 9X [being left out of the
>| updating process] is just as vulnerable, if not more, than using
>| outdated applications in other OSs.
>
>|  A basic explanation is found here:
>| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>
>|  I suggest following the linked materials, and further research into the
>| various methods being used.
>|  NOTE: that the use of "traffic optimization", which is running programs
>| to detect the available exploitable aspects in any given OS and/or
>| system, has increased, and is now the preferred method being used for
>| malicious activity distribution purposes.
>
>
>Updates for Adobe Reader and Adobe Acrobat were posted Today.
>
>Adobe Reader/Acrobat V9.1.3 and v8.2.1
>
Do these exploits affect Foxit (either current versions or the last one 
that works with '98), rather than Adobe?
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Give me patience. RIGHT NOW.
0
J
2/18/2010 8:35:01 AM
From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>

| In message <OXf3u51rKHA.1796@TK2MSFTNGP02.phx.gbl>, David H. Lipman
| <DLipman~nospam~@Verizon.Net> writes:
>>From: "MEB" <MEB-not-here@hotmail.com>


>>|  Excuse the cross post, however, Windows 9X [being left out of the
>>| updating process] is just as vulnerable, if not more, than using
>>| outdated applications in other OSs.

>>|  A basic explanation is found here:
>>| http://blogs.zdnet.com/security/?p=5473&tag=nl.e539

>>|  I suggest following the linked materials, and further research into the
>>| various methods being used.
>>|  NOTE: that the use of "traffic optimization", which is running programs
>>| to detect the available exploitable aspects in any given OS and/or
>>| system, has increased, and is now the preferred method being used for
>>| malicious activity distribution purposes.


>>Updates for Adobe Reader and Adobe Acrobat were posted Today.

>>Adobe Reader/Acrobat V9.1.3 and v8.2.1

| Do these exploits affect Foxit (either current versions or the last one
| that works with '98), rather than Adobe?


The latest ones ?  No.

Previous one or two, yes.

What version of FoxIt Reader are you using ?


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/18/2010 11:22:45 AM
"J. P. Gilliver (John)" wrote:

> Do these exploits affect Foxit (either current versions or the last
> one that works with '98), rather than Adobe?

I continue to NOT see credible evidence that PDF exploits discovered
during and since 2007 are applicable or compatible with Acrobat 6.x. 
I've tried many of the published pdf POC during the past year or two and
have seen no evidence that they function correctly when exposed to
Acrobat 6.x running on Win-98se.
0
98
2/18/2010 1:20:52 PM
On 02/18/2010 08:20 AM, 98 Guy wrote:
> "J. P. Gilliver (John)" wrote:
> 
>> Do these exploits affect Foxit (either current versions or the last
>> one that works with '98), rather than Adobe?
> 
> I continue to NOT see credible evidence that PDF exploits discovered
> during and since 2007 are applicable or compatible with Acrobat 6.x. 
> I've tried many of the published pdf POC during the past year or two and
> have seen no evidence that they function correctly when exposed to
> Acrobat 6.x running on Win-98se.

 As I have explained AND directed you to before:
 You are using the "published" *example* code or the specifically coded
NT exploit to make this bold statement.
 This in no way indicates that these exploitable aspects can not work or
be leveraged in Adobe Reader 6 or any earlier versions in the Win9X or
other OSs which support the inclusion of code, internal or external
linking, prefetch activities, and/or the other factors which apply when
addressing these issues.
 The *hack packs* being distributed and methodology now being employed
look/probe for ANY vulnerability within any given system; meaning IF
there is an exploitable flaw/vulnerability during the contact, the
likelihood is it will be discovered. The PDF format is filled with
addressable flaws/vulnerabilities due to all the functions/inclusions
allowed within it; and these are merely the entry point.
 To presume that the PDF format and Reader 6 is not being leveraged is
unintelligent and fails to give credit or consideration to the known
activities hackers now employ. As Win9X needs no services crash or
memory corruption to effectuate elevation of privileges or "root" access
as in the NTs, it is far more sensible to presume that not only the
known existing Reader 6 vulnerabilities are being used, but that new
forms are being discovered and used, particularly when taken with
consideration of the polymorphic activities and *per system* hacker
activity being employed.
 On the other hand, Adobe Reader 6 does NOT allow many of the extended
activities that 7 and above do, so there are limits and some of these
specific vulnerabilities may not exist; though again, that in *no way*
means that the known or new and unpublished vulnerabilities/exploits are
not still being used/leveraged against Reader 6 [or being modified to avoid
detection], or which applied in Win9X, or within the other OSs.
 A perfect example would be the recent activity regarding the rootkit
causing BSoDs and the Microsoft updates, where within hours of the
release of the patches, the rootkit was modified and distributed to NOT
cause the BSoD, thereby allowing the patches WITHOUT the rootkit being
discovered due to the BSoD.

BSOD after MS10-015? TDL3 authors "apologize" - Feb. 16 2010
http://www.prevx.com/blog/143/BSOD-after-MS-TDL-authors-apologize.html

 To assume that Win9X hacks or applicable to the applications used
within it are not also being modified is ludicrous. In the hacker world
Win9X hacks are "kiddie hacks" meaning what hackers once cut their teeth
on, being so easy to accomplish. Moreover, one should NOT overlook the
main issues the NT patch was addressing [the kernel patch], which
addressed the 16bit coding support and DOS base access, both of which
are inherent in Win9X. There should be a "duuuuhhhh" moment, the "light
turning on" here...

 So to put it bluntly: your "have not seen credible" means zip. nada. It
happens to be what you DON'T see that is being used to hack the millions
of computers. And the above "you" includes the supposed protections like
AV which are being bypassed by the present exploits and malware.

-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/18/2010 3:24:56 PM
From: "98 Guy" <98@Guy.com>

| "J. P. Gilliver (John)" wrote:

>> Do these exploits affect Foxit (either current versions or the last
>> one that works with '98), rather than Adobe?

| I continue to NOT see credible evidence that PDF exploits discovered
| during and since 2007 are applicable or compatible with Acrobat 6.x.
| I've tried many of the published pdf POC during the past year or two and
| have seen no evidence that they function correctly when exposed to
| Acrobat 6.x running on Win-98se.

Acrobat/Reader 7 on Win9x/ME can be successfully exploited.

Adobe has already dropped support for Adobe 6 and is dropping support on v7.  Minimum 
version supported now is 8.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/18/2010 10:10:37 PM
"David H. Lipman" wrote:

> | I continue to NOT see credible evidence that PDF exploits
> | discovered during and since 2007 are applicable or compatible
> | with Acrobat 6.x / Win-98.
> 
> Acrobat/Reader 7 on Win9x/ME can be successfully exploited.

Acrobat Reader 7 can't be installed on Win9x/me.

Reader 6 is the last version that's installable on 9x/me.
0
98
2/19/2010 2:03:58 AM
From: "98 Guy" <98@Guy.com>

| "David H. Lipman" wrote:

>> | I continue to NOT see credible evidence that PDF exploits
>> | discovered during and since 2007 are applicable or compatible
>> | with Acrobat 6.x / Win-98.

>> Acrobat/Reader 7 on Win9x/ME can be successfully exploited.

| Acrobat Reader 7 can't be installed on Win9x/me.

| Reader 6 is the last version that's installable on 9x/me.

Mea culpa  :-(

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/19/2010 2:26:19 AM
On 02/17/2010 12:00 AM, MEB wrote:
> On 02/16/2010 05:47 PM, Jesper Ravn wrote:
>> "MEB" <MEB-not-here@hotmail.com> wrote in message
>> news:#$r#VczrKHA.732@TK2MSFTNGP06.phx.gbl...
>>>
>>> Excuse the cross post, however, Windows 9X [being left out of the
>>> updating process] is just as vulnerable, if not more, than using
>>> outdated applications in other OSs.
>>>
>>> A basic explanation is found here:
>>> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>>>
>>> I suggest following the linked materials, and further research into the
>>> various methods being used.
>>> NOTE: that the use of "traffic optimization", which is running programs
>>> to detect the available exploitable aspects in any given OS and/or
>>> system, has increased, and is now the preferred method being used for
>>> malicious activity distribution purposes.
>>
>> Hello
>>
>> To me it's just another fuzz story from a mainstream security
>> magazine/blog, that doesn't focus on a good prevention strategy.
>> All they care about is the scary headline and the same boring conclusion
>> about Firefox......
> 
>  Ah, huh, Firefox?? oh when they mention No Script plugin?
> 
>  Boring? When banks and accounts are being drained; when ID theft and
> other credit theft is running rampant; when even the most secured sites
> and devices are regularly taken out/down... okay maybe that is boring to
> you. Maybe if a little blood and gore was involved...
>  If it is so boring why are you monitoring the group?
> 
>  Better still, why don't you outline a prevention strategy which you
> think will protect the users and post it here. Perhaps we can then
> critique the techniques and work up something that might be truly
> helpful. And I'm not trying to put you "on the spot", but it is a
> serious discussion sorely needed.
> 
>>
>> I really miss the words "principle of least privilege" and "deny-all
>> policies" in the security debate today.
>>
>> /Jesper
> 
> 

 Hmm, that went nowhere, okay how about we take a look at HOW some of
these things are setup, WHAT is used, and WHAT the intent is.

 Perhaps an inside look at some of the current botnets, what makes them
up, some of the methodology being employed, and how it relates to some
of the supposed "just merely malware", might start the needed discussion
[of course still attempting to bring the linked materials from the
original article into the discussion as well].

 Let's start with one additional security related blog [though again I
recommend following the links for deeper background and further
information]:

http://ddanchev.blogspot.com/search?updated-min=2010-01-01T00%3A00%3A00%2B01%3A00&updated-max=2011-01-01T00%3A00%3A00%2B01%3A00&max-results=15

-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/20/2010 4:16:14 AM
In message <OdSx1yIsKHA.4428@TK2MSFTNGP04.phx.gbl>, David H. Lipman 
<DLipman~nospam~@Verizon.Net> writes:
[]
>| Do these exploits affect Foxit (either current versions or the last one
>| that works with '98), rather than Adobe?
>
>
>The latest ones ?  No.
>
>Previous one or two, yes.

Sorry, do you mean:

The latest exploits don't affect Foxit but previous ones do

or

The latest (98-compatible?) Foxit is OK but previous ones aren't

?
>
>What version of FoxIt Reader are you using ?
>
>
Oops, another thing on my "to do" list for this (XP) machine. Can't 
remember what version of Foxit I'm using on my '98 machine(s), but they 
rarely go online these days. I was asking more for others' benefit, in 
that if Foxit _is_ safe, then I'd thoroughly recommend it as an 
alternative anyway - it seems to me far better behaved than Acrobat 
Reader.
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

No matter how beautiful a girl is, no matter how much you might love her,
squeeze her tight enough and she'll fart - Joe Barron, quoted by son Fred ("My
Family" creator), RT, 15-21 March 2003
0
J
2/20/2010 10:42:43 AM
From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>

| In message <OdSx1yIsKHA.4428@TK2MSFTNGP04.phx.gbl>, David H. Lipman
| <DLipman~nospam~@Verizon.Net> writes:
| []
>>| Do these exploits affect Foxit (either current versions or the last one
>>| that works with '98), rather than Adobe?


>>The latest ones ?  No.

>>Previous one or two, yes.

| Sorry, do you mean:

| The latest exploits don't affect Foxit but previous ones do

| or

| The latest (98-compatible?) Foxit is OK but previous ones aren't

| ?

>>What version of FoxIt Reader are you using ?


| Oops, another thing on my "to do" list for this (XP) machine. Can't
| remember what version of Foxit I'm using on my '98 machine(s), but they
| rarely go online these days. I was asking more for others' benefit, in
| that if Foxit _is_ safe, then I'd thoroughly recommend it as an
| alternative anyway - it seems to me far better behaved than Acrobat
| Reader.


There are some PDF vulnerabilities that FoxIt is vulnerable to and some that both Adobe 
and FoxIt are vulnerable to.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/20/2010 1:23:12 PM
In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman 
<DLipman~nospam~@Verizon.Net> writes:
[]
>There are some PDF vulnerabilities that FoxIt is vulnerable to and some 
>that both Adobe
>and FoxIt are vulnerable to.
>
Is the former a subset of the latter (i. e. Foxit is vulnerable to some, 
and Adobe to those and more), or are they overlapping sets (such that 
there are some Foxit is vulnerable to that Adobe is _not_)?
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Who's General Failure & why's he reading my disk? (Stolen from another .sig)
0
J
2/20/2010 1:38:22 PM
"J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk> wrote in message 
news:WvuUtDyOX+fLFwvJ@soft255.demon.co.uk...
> In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman 
> <DLipman~nospam~@Verizon.Net> writes:
> []
>>There are some PDF vulnerabilities that FoxIt is vulnerable to and 
>>some that both Adobe
>>and FoxIt are vulnerable to.
>>
> Is the former a subset of the latter (i. e. Foxit is vulnerable to 
> some, and Adobe to those and more), or are they overlapping sets (such 
> that there are some Foxit is vulnerable to that Adobe is _not_)?

It sounds like a logical assumption.

http://www.foxitsoftware.com/pdf/reader/security.htm 


0
FromTheRafters
2/20/2010 2:18:36 PM
From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>

| In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman
| <DLipman~nospam~@Verizon.Net> writes:
| []
>>There are some PDF vulnerabilities that FoxIt is vulnerable to and some
>>that both Adobe
>>and FoxIt are vulnerable to.

| Is the former a subset of the latter (i. e. Foxit is vulnerable to some,
| and Adobe to those and more), or are they overlapping sets (such that
| there are some Foxit is vulnerable to that Adobe is _not_)?


FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that 
afflict Adobe Reader/Acrobat.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/20/2010 2:45:13 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message 
news:%2390FRtjsKHA.5124@TK2MSFTNGP05.phx.gbl...
> From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>
>
> | In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman
> | <DLipman~nospam~@Verizon.Net> writes:
> | []
>>>There are some PDF vulnerabilities that FoxIt is vulnerable to and some
>>>that both Adobe
>>>and FoxIt are vulnerable to.
>
> | Is the former a subset of the latter (i. e. Foxit is vulnerable to some,
> | and Adobe to those and more), or are they overlapping sets (such that
> | there are some Foxit is vulnerable to that Adobe is _not_)?
>
>
> FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that
> afflict Adobe Reader/Acrobat.

I think he's asking a math question.

To define his "sets" he may need to clarify some things. The 
vulnerability is in the software used to process the PDF format files 
and implement their extensions.

Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and 
some for *both*. Intersecting sets.


0
FromTheRafters
2/20/2010 3:14:38 PM
On 02/20/2010 07:02 PM, Jeff Richards wrote:
> You may not be aware that there is an ongoing campaign to introduce as much 
> irrelevant material as possible, particularly if it relates to security, 
> into the W98 groups, mostly by casual addition of the W98 groups to postings 
> in groups related to other versions of Windows.  This is done purely to 
> enhance the status of several trolls who think they are making themselves 
> appear knowledgeable about W98.  All they are doing is completely confusing 
> the W98 users and creating flame wars which are then fanned as much as 
> possible.  It would be helpful to the W98 groups if this irrelevant 
> crossposting was removed before replying.
> 
> Thanks,

 Excuse me, do you have something you wish to say.
 Please show us how knowledgeable you are Jeff.

 Show us WITH SPECIFICS, that Win98 hacks are not being used and Windows
98 users can rest assured that parties like you are providing the
information they need to protect themselves while on the Internet when
confronted with PDFs, Flash, JAVA, email attacks, and other factors one
finds out here.
 While you are explaining these facts [per your thoughts] please explain
your prior support of installation of IE6 files from Win2K AFTER the EOL
of Win98 as recently as the 10th month of last year, into the Win98 OS
and how it would/will protect Win98 users.

 Or is it that you believe Win98 users should be "kept in the dark" and
continue to be provided with false information regarding their security
by those apparently without the comprehension to understand the threats
involved?

-- 
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
0
MEB
2/21/2010 3:46:19 AM
In message <OG3vt9jsKHA.3408@TK2MSFTNGP06.phx.gbl>, FromTheRafters 
<erratic@nomail.afraid.org> writes:
>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>news:%2390FRtjsKHA.5124@TK2MSFTNGP05.phx.gbl...
>> From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>
>>
>> | In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman
>> | <DLipman~nospam~@Verizon.Net> writes:
>> | []
>>>>There are some PDF vulnerabilities that FoxIt is vulnerable to and some
>>>>that both Adobe
>>>>and FoxIt are vulnerable to.
>>
>> | Is the former a subset of the latter (i. e. Foxit is vulnerable to some,
>> | and Adobe to those and more), or are they overlapping sets (such that
>> | there are some Foxit is vulnerable to that Adobe is _not_)?
>>
I'm confused now ...
>>
>> FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that
>> afflict Adobe Reader/Acrobat.

.... if the above is true, then one will always be safer (safer, not 
safe!) by using Foxit than Acrobat. But ...
>
>I think he's asking a math question.

(I did express it in that way, yes - sorry if it caused confusion.)
>
>To define his "sets" he may need to clarify some things. The
>vulnerability is in the software used to process the PDF format files
>and implement their extensions.
>
>Some vulnerabilities may be for Foxit *only*, some for Adobe *only* and
>some for *both*. Intersecting sets.
>
>
.... if that is true, then "Foxit is always safer" is NOT true.

And then there's the question of how the latest version of each _that 
will work under '98_ compare with respect to these vulnerabilities, and 
also whether any vulnerabilities either is subject to are actually a 
concern under 98 ...

So to summarise, the questions are:

What is the latest version of Foxit that runs under '98, and what 
vulnerabilities is that version subject to which actually are a threat 
under '98?
What is the latest version of Acrobat that runs under '98, and what 
vulnerabilities is that version subject to which actually are a threat 
under '98?
How do those lists compare?
-- 
J. P. Gilliver. UMRA: 1960/<1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf
** http://www.soft255.demon.co.uk/G6JPG-PC/JPGminPC.htm for ludicrously
outdated thoughts on PCs. **

Who's General Failure & why's he reading my disk? (Stolen from another .sig)
0
J
2/21/2010 12:57:11 PM
MEB wrote:

> Show us WITH SPECIFICS, that Win98 hacks are not being used

Meb again is asking for negative proof.  He is asking that a negative be
proved- that something DOES NOT exist or that something DOES NOT happen.

Either Meb is truly a moron and doesn't understand the concept of a
negative proof, or he knows that full well but is nonetheless using it
to support his mindless arguments.

A negative can usually never be proved unless the scope of the argument
is sufficiently small.  In this case, the scope of the argument (all
data that can pass between or into any computer on planet earth) is too
large to rationally ask for a negative proof.

But this is frequently how MEB responds in an argument.  You can never
ask him for a positive example to prove his point - he will always turn
it around and ask you to supply a negative proof.

> Or is it that you believe Win98 users should be "kept in the
> dark" and continue to be provided with false information
> regarding their security by those apparently without the
> comprehension to understand the threats involved?

You have failed time and time again to explain why you do not test
various threats on your win-98 system and post the results.  All you
ever do is blather on and on and on about the latest flash or adobe
threats and post CERT pgp keys (god knows why you do that) without
providing any shred of evidence that those threats or exploits are
operable on win-98 systems.

And when others post the observation / suggestion that win-98 users
apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you
froth at the mouth against doing that, claiming it would make win-98
systems *less* secure.

You claim that IE6 was never properly "ported" to win-98, but your
analysis is based on a faulty understanding of dependency walker and a
faulty understanding of multi-platform DLL's.

I post most of this here for the benefit of those of you here in
microsoft.public.security.homeusers for whom MEB is an unknown
quantity.  He is a well-known kook here in m.p.win98.gen_discussion.
0
98
2/21/2010 3:17:58 PM
98 Guy

Do yourself a favor and get a life. You are wrong and you are beating a dead horse. 
Being foolish does not make you look good and your little credibility that you had 
is also going the way of the wind .

-- 
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"98 Guy" <98@Guy.com> wrote in message news:4B814EA6.75ABF29A@Guy.com...
> MEB wrote:
>
>> Show us WITH SPECIFICS, that Win98 hacks are not being used
>
> Meb again is asking for negative proof.  He is asking that a negative be
> proved- that something DOES NOT exist or that something DOES NOT happen.
>
> Either Meb is truly a moron and doesn't understand the concept of a
> negative proof, or he knows that full well but is nonetheless using it
> to support his mindless arguments.
>
> A negative can usually never be proved unless the scope of the argument
> is sufficiently small.  In this case, the scope of the argument (all
> data that can pass between or into any computer on planet earth) is too
> large to rationally ask for a negative proof.
>
> But this is frequently how MEB responds in an argument.  You can never
> ask him for a positive example to prove his point - he will always turn
> it around and ask you to supply a negative proof.
>
>> Or is it that you believe Win98 users should be "kept in the
>> dark" and continue to be provided with false information
>> regarding their security by those apparently without the
>> comprehension to understand the threats involved?
>
> You have failed time and time again to explain why you do not test
> various threats on your win-98 system and post the results.  All you
> ever do is blather on and on and on about the latest flash or adobe
> threats and post CERT pgp keys (god knows why you do that) without
> providing any shred of evidence that those threats or exploits are
> operable on win-98 systems.
>
> And when others post the observation / suggestion that win-98 users
> apply IE-patch rollups released by Microsoft for win-2k IE6-sp1, you
> froth at the mouth against doing that, claiming it would make win-98
> systems *less* secure.
>
> You claim that IE6 was never properly "ported" to win-98, but your
> analysis is based on a faulty understanding of dependency walker and a
> faulty understanding of multi-platform DLL's.
>
> I post most of this here for the benefit of those of you here in
> microsoft.public.security.homeusers for whom MEB is an unknown
> quantity.  He is a well-known kook here in m.p.win98.gen_discussion. 

0
Peter
2/21/2010 6:40:13 PM
"J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk> wrote in message 
news:EcLgxONn2SgLFw32@soft255.demon.co.uk...
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>news:%2390FRtjsKHA.5124@TK2MSFTNGP05.phx.gbl...

>>> FoxIt suffers from a subset (so to speak) of the greater amount of
>>> vulnerabilities that
>>> afflict Adobe Reader/Acrobat.
>
> ... if the above is true, then one will always be safer (safer, not 
> safe!) by using Foxit than Acrobat. But ...

False conclusion, because it is the future you are gambling on. Maybe 
Adobe's code has been tested more rigorously now, and FoxIt's code 
remains to be tested.

>>I think he's asking a math question.
>
> (I did express it in that way, yes - sorry if it caused confusion.)

I infer from David's post that he is attesting to the fact that the 
Adobe PDF vulnerability set has many more members than does the FoxIt 
Reader PDF vulnerability set.

>>To define his "sets" he may need to clarify some things. The
>>vulnerability is in the software used to process the PDF format files
>>and implement their extensions.
>>
>>Some vulnerabilities may be for Foxit *only*, some for Adobe *only* 
>>and
>>some for *both*. Intersecting sets.
>>
>>
> ... if that is true, then "Foxit is always safer" is NOT true.

I don't see how that conclusion hinges upon my statement.

Anyway, even though I don't know anything about either program, I could 
suggest that FoxIt Reader is safer than Adobe's. This is based only on 
my strong suspicion that Adobe's has more lines of code.

> And then there's the question of how the latest version of each _that 
> will work under '98_ compare with respect to these vulnerabilities, 
> and also whether any vulnerabilities either is subject to are actually 
> a concern under 98 ...

Well, Win98 is practically impervious to any privilege escalation 
exploits.
Filesystem security sure isn't an issue. :oD

You should ask in the Win98 group. Treat PDFs as you would executables - 
no browser add-on to autorender content - no scripting or "Flash" 
extensions etc...

.... the devil is in the extensions (usually)

> So to summarise, the questions are:
>
> What is the latest version of Foxit that runs under '98, and what 
> vulnerabilities is that version subject to which actually are a threat 
> under '98?

One thing about 98 and NT versions is that even though an exploit can be 
written that affects all, it is often coupled with shellcode or further 
processing that is OS specific. 98 is becoming less of a target, so 
actual threat decreases. A remote code execution exploit using a PDF 
file may have shellcode to get control of an XP machine while only doing 
a DoS to a 98 machine.

This doesn't mean that the writer couldn't have just as easily written 
the shellcode part of the exploit for the Win98 machine.

> What is the latest version of Acrobat that runs under '98, and what 
> vulnerabilities is that version subject to which actually are a threat 
> under '98?

Another one specifically for the 98 group.

> How do those lists compare?

Have fun with your research, I suspect you will end up with FoxIt being 
the better choice even if it is old and unpatched.



0
FromTheRafters
2/22/2010 12:57:19 AM
"98 Guy" <98@Guy.com> wrote in message news:4B814EA6.75ABF29A@Guy.com...

[...]

> without providing any shred of evidence that those threats
> or exploits are operable on win-98 systems.

Considering exploits, it is not reasonable to assume that your OS is 
more secure just because an exploit is not operable on it.

If the vulnerable software falls over, but the OS doesn't recognise the 
shellcode, the system is *still* vulnerable to the exploit. If it is an 
NT specific malware *payload* you might not be vulnerable to the 
payload, but you still are vulnerable to the exploit. It is the exploit 
that delivers the payload (often in the form of shellcode).

Just because a malware instance can't complete its worm function on a 
Win98 system does not mean it cannot complete its PE infection routine 
and be a virus on Win98.





0
FromTheRafters
2/22/2010 1:52:54 AM
A key issue is that of automatic-updaters which install crapware along with 
updates. Adobe are particularly guilty of this. Because of this antisocial 
practice, an increasing number of users are refusing to patch their software.

In the interests of promoting security, the attaching of crapware to 
security updates should be made illegal. Though, even if that were done 
tomorrow it would take a long time to win back the confidence of users, that 
updates can be trusted. 

"David H. Lipman" wrote:

> From: "J. P. Gilliver (John)" <G6JPG@soft255.demon.co.uk>
> 
> | In message <Oq7xb$isKHA.3408@TK2MSFTNGP06.phx.gbl>, David H. Lipman
> | <DLipman~nospam~@Verizon.Net> writes:
> | []
> >>There are some PDF vulnerabilities that FoxIt is vulnerable to and some
> >>that both Adobe
> >>and FoxIt are vulnerable to.
> 
> | Is the former a subset of the latter (i. e. Foxit is vulnerable to some,
> | and Adobe to those and more), or are they overlapping sets (such that
> | there are some Foxit is vulnerable to that Adobe is _not_)?
> 
> 
> FoxIt suffers from a subset (so to speak) of the greater amount of vulnerabilities that 
> afflict Adobe Reader/Acrobat.
> 
> -- 
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 
> 
> 
> .
> 
0
Utf
2/24/2010 6:22:08 PM
From: "Anteaus" <Anteaus@discussions.microsoft.com>


| A key issue is that of automatic-updaters which install crapware along with
| updates. Adobe are particularly guilty of this. Because of this antisocial
| practice, an increasing number of users are refusing to patch their software.

| In the interests of promoting security, the attaching of crapware to
| security updates should be made illegal. Though, even if that were done
| tomorrow it would take a long time to win back the confidence of users, that
| updates can be trusted.


Never had a problem downloading updates from the Adobe FTP site and installing them 
without the crapware.


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/24/2010 9:28:48 PM
David H. Lipman wrote:
> From: "Anteaus"<Anteaus@discussions.microsoft.com>
>
>
> | A key issue is that of automatic-updaters which install crapware along with
> | updates. Adobe are particularly guilty of this. Because of this antisocial
> | practice, an increasing number of users are refusing to patch their software.
>
> | In the interests of promoting security, the attaching of crapware to
> | security updates should be made illegal. Though, even if that were done
> | tomorrow it would take a long time to win back the confidence of users, that
> | updates can be trusted.
>
>
> Never had a problem downloading updates from the Adobe FTP site and installing them
> without the crapware.
>
>

<rant>
As if you're a Typical Windows User, David. The TWU will usually install 
anything that's been pre-checked because, for some reason, they trust 
ISVs Security updates.
Unfortunately, the ISVs define what can be included with Security 
updates and their Users are just supposed to open wide and swallow all 
the unneeded/unwanted "fluff" they attempt to stuff onto their systems.

So, in effect, the "fluff" pays for the development and distribution of 
Security updates that ISVs need to push out for their software.
There's no incentive for said ISVs to release secure software as they 
can recoup the above funds by installing "fluff" on unsuspecting 
victims' systems.

No sane person should be running Flash Player or Adobe Reader at this 
point in time as it's quite apparent that Adoobie does not care one whit 
about their Users' security but loves to install "fluff" such as McAfee 
Security Scan or a toolbar when purportedly updating either "product".

</endrant>

MowGreen
================
  *-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked
0
MowGreen
2/25/2010 12:37:27 AM
From: "MowGreen" <mowgreen@nowandzen.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases a Security Update for Download Manager

Original release date: February 24, 2010 at 10:01 am Last revised:
February 24, 2010 at 10:01 am


Adobe has released a security bulletin to address a vulnerability in the
Adobe Download Manager. This vulnerability could allow an attacker to
download and install unauthorized software.

US-CERT encourages users and administrators to review security bulletin
APSB10-08 and review the steps to mitigate the issue.

Relevant Url(s):
<http://www.adobe.com/support/security/bulletins/apsb10-08.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_releases_a_security_update

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/25/2010 5:02:42 PM
Top-Poaster Peter Foldes wrote in response to my summary of MEB:

> 98 Guy
> 
> Do yourself a favor and get a life. You are wrong and you are
> beating a dead horse.  Being foolish does not make you look
> good and your little credibility that you had is also going
> the way of the wind .

I'm not sure if you're in agreement about what I said about MEB or if
you're trying to defend / support him with the above comment.
0
98
2/25/2010 10:08:21 PM
FromTheRafters wrote:
 
> > without providing any shred of evidence that those threats
> > or exploits are operable on win-98 systems.
> 
> Considering exploits, it is not reasonable to assume that your
> OS is more secure just because an exploit is not operable on
> it.

I think you mean payload - not exploit.

If a given piece of exploit code is not operable on a given platform,
then how can that platform be vulnerable to the exploit or any
hypothetical payload / shell-code that might follow?  How do you define
vulnerable in that context?

> If the vulnerable software falls over, but the OS doesn't
> recognise the shellcode, the system is *still* vulnerable
> to the exploit.

But there's no consequence if either or both the exploit or the
shellcode does not function properly on a given system.

If the exploit or the shellcode causes the application (or the OS) to
crash, well that's just a nuisance that's not likely going to be
repeated by the user.

I don't really consider DoS's to be a significant or credible threat to
anonymous end-users (what's the point?).

> If it is an NT specific malware *payload* you might not be
> vulnerable to the payload, but you still are vulnerable to
> the exploit.

Until we see a functional example of an operable PDF exploit AND payload
for the Win-98/Acrobat-6 combination then we can't be sure *if* there is
a viable exploit in the first place.
0
98
2/25/2010 10:23:00 PM
"David H. Lipman" wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> -----BEGIN PGP SIGNATURE-----
> -----END PGP SIGNATURE-----

Was it necessary to post the PGP key?
0
98
2/25/2010 10:25:25 PM
From: "98 Guy" <98@Guy.com>

| "David H. Lipman" wrote:

>> -----BEGIN PGP SIGNED MESSAGE-----
>> -----BEGIN PGP SIGNATURE-----
>> -----END PGP SIGNATURE-----

| Was it necessary to post the PGP key?

Was it necessary to comment on my "quoting" an official US CERT message ?

I think NOT !  The answer is YES, it was.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 


0
David
2/25/2010 10:49:13 PM
"98 Guy" <98@Guy.com> wrote in message news:4B86F844.D2B1853E@Guy.com...
> FromTheRafters wrote:
>
>> > without providing any shred of evidence that those threats
>> > or exploits are operable on win-98 systems.
>>
>> Considering exploits, it is not reasonable to assume that your
>> OS is more secure just because an exploit is not operable on
>> it.
>
> I think you mean payload - not exploit.

Yes, I meant "threat" not "exploit".

> If a given piece of exploit code is not operable on a given platform,
> then how can that platform be vulnerable to the exploit or any
> hypothetical payload / shell-code that might follow?  How do you 
> define
> vulnerable in that context?

The exploit in this case is against the application, what follows might 
be OS platform specific. For instance If a demo exploit has a benign 
payload (like executing notepad) it may work for all versions, but if a 
real world exploit calls cmd.exe (which W98 doesn't have) then the 
threat is still valid even though it isn't operable on your OS.

>> If the vulnerable software falls over, but the OS doesn't
>> recognise the shellcode, the system is *still* vulnerable
>> to the exploit.
>
> But there's no consequence if either or both the exploit or the
> shellcode does not function properly on a given system.

It could mean the difference between a worm instance being hosted and a 
DoS against the vulnerable application.

> If the exploit or the shellcode causes the application (or the OS) to
> crash, well that's just a nuisance that's not likely going to be
> repeated by the user.
>
> I don't really consider DoS's to be a significant or credible threat 
> to
> anonymous end-users (what's the point?).

Well then, a DoS exploit is not an exploit to you?

>> If it is an NT specific malware *payload* you might not be
>> vulnerable to the payload, but you still are vulnerable to
>> the exploit.
>
> Until we see a functional example of an operable PDF exploit AND 
> payload
> for the Win-98/Acrobat-6 combination then we can't be sure *if* there 
> is
> a viable exploit in the first place.

I suppose you have your own unique definition of payload then? 


0
FromTheRafters
2/26/2010 12:17:51 AM
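The two points argued in the posts above (whether one reader's flaws are a subset of the other's or merely overlap, and that a flaw in the application counts even when the observed payload targets another OS), worked through as an added example that is not part of the thread. The reader names, OS labels and advisory ids are constructed placeholders and describe no real vulnerability.

```python
from dataclasses import dataclass
from enum import Enum


class Exposure(Enum):
    NOT_AFFECTED = 0       # this reader does not contain the flaw
    FLAW_ONLY = 1          # reader is flawed; no observed payload runs on this OS
    FLAW_AND_PAYLOAD = 2   # reader is flawed and an observed payload runs on this OS


@dataclass(frozen=True)
class Advisory:
    ident: str             # constructed placeholder, not a real advisory id
    affected: frozenset    # readers whose PDF handling contains the flaw
    payload_os: frozenset  # OS families targeted by payloads seen with it


# Constructed sample data for illustration only.
ADVISORIES = (
    Advisory("EXAMPLE-0001", frozenset({"reader-a", "reader-b"}), frozenset({"nt"})),
    Advisory("EXAMPLE-0002", frozenset({"reader-a"}), frozenset({"nt", "9x"})),
    Advisory("EXAMPLE-0003", frozenset({"reader-a"}), frozenset({"nt"})),
    Advisory("EXAMPLE-0004", frozenset({"reader-b"}), frozenset()),  # no payload seen
)


def flaws(reader, advisories=ADVISORIES):
    """Set of advisory ids whose flaw is present in the given reader."""
    return {a.ident for a in advisories if reader in a.affected}


def relation(x, y):
    """Describe how set x relates to set y."""
    if x == y:
        return "equal"
    if x < y:
        return "proper subset"
    if x > y:
        return "proper superset"
    if x & y:
        return "overlapping"
    return "disjoint"


def exposure(advisory, reader, os_family):
    """Separate 'the application is flawed' from 'a known payload runs here'."""
    if reader not in advisory.affected:
        return Exposure.NOT_AFFECTED
    if os_family in advisory.payload_os:
        return Exposure.FLAW_AND_PAYLOAD
    # The flaw can still be triggered (for example, crashing the reader),
    # and a payload for this OS could be written later.
    return Exposure.FLAW_ONLY


def triage(reader, os_family, advisories=ADVISORIES):
    """Exposure per advisory id for one reader on one OS family."""
    return {a.ident: exposure(a, reader, os_family) for a in advisories}


def patch_order(reader, os_family, advisories=ADVISORIES):
    """Every flaw present in the reader, operable payloads first."""
    hits = [(e, i) for i, e in triage(reader, os_family, advisories).items()
            if e is not Exposure.NOT_AFFECTED]
    return [i for e, i in sorted(hits, key=lambda p: (-p[0].value, p[1]))]


if __name__ == "__main__":
    print("reader-b vs reader-a:", relation(flaws("reader-b"), flaws("reader-a")))
    for ident, state in triage("reader-a", "9x").items():
        print(ident, state.name)
    print("fix first:", patch_order("reader-a", "9x"))
```

A single reader-b-only entry is what turns "proper subset" into "overlapping", and FLAW_ONLY entries stay on the patch list because the flaw is present regardless of which OS the observed payload targets.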
FromTheRafters wrote:

> > I don't really consider DoS's to be a significant or credible
> > threat to anonymous end-users (what's the point?).
> 
> Well then, a DoS exploit is not an exploit to you?

To exploit something generally means to make some use of it.

When a computer is exploited, it means (in this context) that a third
party is or has gained some use or operational control over it.

DoS events and exploits are not (to my knowledge) used against the
average web-surfer, e-mail reader, home or soho user - but instead are
used against specific machines, servers, etc.

There are some exploits that have no function other than to cause
instability or crash a target system (ie- DoS).  The use of such
"exploit" code in that situation will achieve some goal by the attacker,
but I question if it can be said that the target machine was actually
"exploited" in the process.

> > Until we see a functional example of an operable PDF exploit
> > AND payload for the Win-98/Acrobat-6 combination then we
> > can't be sure *if* there is a viable exploit in the first
> > place.
> 
> I suppose you have your own unique definition of payload then?

Where do I say that?

I'm just saying that there has not been any PDF exploit-code analysis
that I've ever seen where it was proved or shown that the exploit would
work on a win-98/acrobat-6 system.  And going further, I'm not aware of
an appropriate payload / shellcode that has ever circulated in the wild
to go along with such an exploit.
0
98
2/26/2010 2:46:55 AM
"98 Guy" <98@Guy.com> wrote in message news:4B87361F.9E7782B4@Guy.com...
> FromTheRafters wrote:
>
>> > I don't really consider DoS's to be a significant or credible
>> > threat to anonymous end-users (what's the point?).
>>
>> Well then, a DoS exploit is not an exploit to you?
>
> To exploit something generally means to make some use of it.

Exactly, but what you are exploiting is the vulnerability. You make use 
of the vulnerability to affect a DoS.

> When a computer is exploited, it means (in this context) that a third
> party is or has gained some use or operational control over it.

It always starts with a DoS.

> DoS events and exploits are not (to my knowledge) used against the
> average web-surfer, e-mail reader, home or soho user - but instead are
> used against specific machines, servers, etc.

That would be dDoS (distributed DoS) attacks.

> There are some exploits that have no function other than to cause
> instability or crash a target system (ie- DoS).  The use of such
> "exploit" code in that situation will achieve some goal by the 
> attacker,
> but I question if it can be said that the target machine was actually
> "exploited" in the process.

The vulnerability was exploited to do a DoS.

>> > Until we see a functional example of an operable PDF exploit
>> > AND payload for the Win-98/Acrobat-6 combination then we
>> > can't be sure *if* there is a viable exploit in the first
>> > place.
>>
>> I suppose you have your own unique definition of payload then?
>
> Where do I say that?

I inferred it from your evident need for coupling payload with exploit.

> I'm just saying that there has not been any PDF exploit-code analysis
> that I've ever seen where it was proved or shown that the exploit 
> would
> work on a win-98/acrobat-6 system.  And going further, I'm not aware 
> of
> an appropriate payload / shellcode that has ever circulated in the 
> wild
> to go along with such an exploit.

I can agree with that observation. 


0
FromTheRafters
2/26/2010 3:18:43 AM
On Tue, 16 Feb 2010 23:47:24 +0100, "Jesper Ravn" <jesper_ravn@hotmail.com> wrote:

>"MEB" <MEB-not-here@hotmail.com> wrote in message
>news:#$r#VczrKHA.732@TK2MSFTNGP06.phx.gbl...
>>
>> Excuse the cross post, however, Windows 9X [being left out of the
>> updating process] is just as vulnerable, if not more, than using
>> outdated applications in other OSs.
>>
>> A basic explanation is found here:
>> http://blogs.zdnet.com/security/?p=5473&tag=nl.e539
>>
>> I suggest following the linked materials, and further research into the
>> various methods being used.
>> NOTE: that the use of "traffic optimization", which is running programs
>> to detect the available exploitable aspects in any given OS and/or
>> system, has increased, and is now the preferred method being used for
>> malicious activity distribution purposes.
>
>Hello
>
>To me it's just another fuzz story from a mainstream security magazine/blog,
>that don't focus on a good prevention strategy.
>All they care about is the scary headline and the same boring conclusion
>about Firefox......
>
>I really miss the word's "principle of least privilege" and "deny-all
>policies" in the security debate today.
>
>/Jesper

You could always switch to any other OS that properly supports the concept.
0
JosephKK
3/19/2010 11:23:57 AM

Conditional Formating based on another cell
I have 2 columns of concern DATE and COST. I would like the COST cell to be shaded if the DATE cell is less than a specificed date. Then if it is possible to calculate the COST field but only the ones highlighted. Help is greatly appreciated!! Thanks, Stacey For the conditional format, use the following for the condition of the cost column: =$A$2<TODAY() and so on, where cell A2 is the corresponding date column. Select the appropriate shade on the pattern tab. As far as calculating the cost column if it is highlighted, my only thoughts are to write a macro that you can run that c...

Conditionally Change Text based on Previous Record's Text
Gang - The following is a sample from a worksheet. The following snippet is repeated for each of 88 counties, giving me a 900-record matrix. I'm trying to verify the statewide totals (by summing across counties) and I've reached the conclusion that I'm limited with options because "Permits Issued" is found twice in each county. I need to find a way to selectively change one of the Permits Issued values (or create something new). The only thing that is unique is the text above it (In-Season Permits in the first case and Out-of-Season Permits in the 2nd). Something lik...

How do I get my Microsoft Office and My PDF working again?
I can't find my Product Key for my PDF or Microsoft Product Key. Where did you get them from originally? Midget wrote: > I can't find my Product Key for my PDF or Microsoft Product Key. ...

What does "System Resource Exceeded" mean?
Using Visual Studio 2002. What does "System Resource Exceeded" mean? What resource am I exceeding and how can I increase it? Is it possible to have to many classes in a project - I have 52? I have a large application split over 8 different EXEs, all of which use a central model.dll file containing thousands of lines of database code (COleDatabase classes). It has worked perfectly for years. The database is the most convenient storage mechanism for our application project files and hundreds, of not thousands of small databases have been created without problem. We are consoloda...

PDF
hi can I save a Publisher (2002) document in PDF format? I need to mail my document to lots of people who I know do not have Publisher! Cheers msiz Sure, only you print a PDF, not save as... If you don't have Acrobat there are free converters around, this is one. http://www.primopdf.com/ -- Mary Sauer MSFT MVP http://office.microsoft.com/ http://msauer.mvps.org/ news://msnews.microsoft.com http://officebeta.iponet.net/en-us/publisher/FX100649111033.aspx "msiz" <msiz@discussions.microsoft.com> wrote in message news:40387C9E-B3E3-4482-B863-07F8C7DE7341@microsoft.com.....