[conspire] Several good articles about Adobe-related security problems

Rick Moen rick at linuxmafia.com
Wed Nov 2 22:35:12 PDT 2011


First up is security author Brian Krebs, posting yet another excellent
article on his Web site:

https://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

  Who Else Was Hit by the RSA Attackers?

  The data breach disclosed in March by security firm RSA received
  worldwide attention because it highlighted the challenges that
  organizations face in detecting and blocking intrusions from targeted
  cyber attacks. The subtext of the story was that if this could happen to
  one of the largest and most integral security firms, what hope was there
  for organizations that aren't focused on security?

  Security experts have said that RSA wasn't the only corporation
  victimized in the attack, and that dozens of other multinational
  companies were infiltrated using many of the same tools and Internet
  infrastructure. But so far, no one has been willing to talk publicly
  about which other companies may have been hit.  Today's post
  features a never-before-published list of those victim organizations.
  The information suggests that more than 760 other organizations had
  networks that were compromised with some of the same resources used to
  hit RSA. Almost 20 percent of the current Fortune 100 companies are on
  this list.
  [...]

Wow, eh?  And this is credible.

The article suffers the usual problem of saying nothing about how
exploit code got executed.  In fairness, Krebs has written somewhat
about this elsewhere, and he links to one such half-decent if
super-brief write-up:

https://krebsonsecurity.com/2010/09/attackers-exploiting-new-acrobatreader-flaw/

  Attackers Exploiting New Acrobat/Reader Flaw

  Adobe warned today that hackers appear to be exploiting a previously
  unknown security hole in its PDF Reader and Acrobat programs.
  [...]
  Adobe's advisory doesn't discuss possible mitigating factors,
  although turning off Javascript in Reader is always a good first step.
  Acrobat JavaScript can be disabled using the Preferences menu [...]


The hapless RSA employee reportedly opened an e-mail with (if memory
serves) an Excel spreadsheet that, upon opening, autolaunched an
embedded Flash animation, which in turn made a JavaScript call.  He was
running an MS-Windows workstation using a login with local Administrator
privilege, so basically the JavaScript code then ran wild and stole
corporate secrets from the employee's files or an attached server or
something like that.


The last article is a real standout, and much better than the usual bit
of breezy cynicism from _The Register_.  This is an article from Dan
Goodin in San Francisco.

http://www.theregister.co.uk/2010/09/10/adobe_security_analysis/

  What Adobe could learn from The Flying Wallendas
  Do security safety nets make Reader less safe? 

  The Flying Wallendas were a legendary circus troupe that performed
  death-defying acts from a high wire without the use of nets or safety
  devices of any kind. Even when they performed their world-famous
  four-person, three-level pyramid act 50 feet in the air, patriarch Karl
  Wallenda steadfastly eschewed nets out of a belief they sapped the
  aerialists' concentration.

  "He did feel that a net could cause you to be sloppy and not really
  train the way you should to prepare for a performance and therefore give
  you a false security," Karl Wallenda's grandson, Tino, said recently
  from a performance in Greenfield, Massachusetts. "It makes the
  audience feel comfortable more than it makes us, the performers, feel
  comfortable."

  Perhaps the recently discovered attack targeting a code-execution
  vulnerability in Adobe's near-ubiquitous Reader application should raise
  similar concerns in the software arena.

  The 15-page PDF was able to compromise PCs even when they ran Reader on
  versions of Microsoft Windows that are fortified with protections
  designed to lessen the damage from garden-variety bugs -- such as the
  stack overflow being targeted in Reader.  [...]


Recommended.






