[conspire] Several good articles about Adobe-related security problems
Rick Moen
rick at linuxmafia.com
Wed Nov 2 22:35:12 PDT 2011

First up is security author Brian Krebs, posting yet another excellent
article on his Web site:

https://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

Who Else Was Hit by the RSA Attackers?

The data breach disclosed in March by security firm RSA received
worldwide attention because it highlighted the challenges that
organizations face in detecting and blocking intrusions from targeted
cyber attacks. The subtext of the story was that if this could happen to
one of the largest and most integral security firms, what hope was there
for organizations that aren't focused on security?

Security experts have said that RSA wasn't the only corporation
victimized in the attack, and that dozens of other multinational
companies were infiltrated using many of the same tools and Internet
infrastructure. But so far, no one has been willing to talk publicly
about which other companies may have been hit. Today's post
features a never-before-published list of those victim organizations.
The information suggests that more than 760 other organizations had
networks that were compromised with some of the same resources used to
hit RSA. Almost 20 percent of the current Fortune 100 companies are on
this list.

[...]

Wow, eh? And this is credible.

The article suffers the usual problem of saying nothing about how
exploit code got executed. In fairness, Krebs has written somewhat
about this elsewhere, and he links to one such half-decent if
super-brief write-up:

https://krebsonsecurity.com/2010/09/attackers-exploiting-new-acrobatreader-flaw/

Attackers Exploiting New Acrobat/Reader Flaw

Adobe warned today that hackers appear to be exploiting a previously
unknown security hole in its PDF Reader and Acrobat programs.

[...]

Adobe's advisory doesn't discuss possible mitigating factors,
although turning off Javascript in Reader is always a good first step.
Acrobat JavaScript can be disabled using the Preferences menu [...]

The hapless RSA employee reportedly opened an e-mail with (if memory
serves) an Excel spreadsheet that, upon opening, autolaunched an
embedded Flash animation, which in turn made a JavaScript call. He was
running an MS-Windows workstation using a login with local Administrator
privilege, so basically the JavaScript code then ran wild and stole
corporate secrets from the employee's files or an attached server or
something like that.

The last article is a real standout, and much better than the usual bit
of breezy cynicism from _The Register_. This is an article from Dan
Goodin in San Francisco.

http://www.theregister.co.uk/2010/09/10/adobe_security_analysis/

What Adobe could learn from The Flying Wallendas
Do security safety nets make Reader less safe?

The Flying Wallendas were a legendary circus troupe that performed
death-defying acts from a high wire without the use of nets or safety
devices of any kind. Even when they performed their world-famous
four-person, three-level pyramid act 50 feet in the air, patriarch Karl
Wallenda steadfastly eschewed nets out of a belief they sapped the
aerialists' concentration.

"He did feel that a net could cause you to be sloppy and not really
train the way you should to prepare for a performance and therefore give
you a false security," Karl Wallenda's grandson, Tino, said recently
from a performance in Greenfield, Massachusetts. "It makes the
audience feel comfortable more than it makes us, the performers, feel
comfortable."

Perhaps the recently discovered attack targeting a code-execution
vulnerability in Adobe's near-ubiquitous Reader application should raise
similar concerns in the software arena.

The 15-page PDF was able to compromise PCs even when they ran Reader on
versions of Microsoft Windows that are fortified with protections
designed to lessen the damage from garden-variety bugs -- such as the
stack overflow being targeted in Reader. [...]

Recommended.