SECURITY WARNINGS & Notices - Please post them here

[polonus]

Hi malware fighters,

Apparent Detecting and Defeating Government Interception Attacks Against SSL, Certification authorities have provided government with false certifications so they need not break and can easily circumvent encryption: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is packet-forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl]

polonus

[Hermite15]

Hi malware fighters,

Apparent Detecting and Defeating Government Interception Attacks Against SSL, Certification authorities have provided government with false certifications so they need not break and can easily circumvent encryption: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is packet-forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl]

polonus

I hope that's not true

[polonus]

@Logos,

More links: http://www.betanews.com/article/Has-SSL-become-pointless-Researchers-suspect-statesponsored-CA-forgery/1269551694
http://betabubble.com/?tag=intermediate-certificates
It was not developed with your security in mind....
It is all about endpoints, and it is all about trust to what is going over the "wire"......
DNSSEC has a similar attack against it,

polonus

[Hermite15]

I trust the sources, that's not the problem, I was just a bit shocked to say the least. I posted that on Comodo forums to get some reactions (could be interesting as they're in ssl business) but no feedback so far...

[crofty59]

Trojans masquerading as updates for popular applications such as Adobe, Java or Windows.

I read this on Sunbelt blog
http://sunbeltblog.blogspot.com/2010/03/fake-updates-install-backdoors.html

Also more info on Softpedia
http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml

Edited wrong Link

[polonus]

Hi malware fighters,

Security researcher D. Stevens has published a hole in PDF that cannot be patched!
POC: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Forewarned is forearmed. Adobe is putting everyone in danger,

polonus

[mkis]

I now use Foxit - regardless that is less supported PDF platform

[nmb]

I use sumatra pdf. recommended by scott, its awesome. Thanks scott. No problems whatsoever.

nmb

[mkis]

okay I give it a go. no doubt still recommended by Scott.

[spg SCOTT]

I use both foxit and Sumatra as they both come in portable versions (portableapps.com)
 

Simple, small, lightweight, and crucially not targeted as much as adobe

[mkis]

Thats what I'll do Scott. And the portable on my flash drive as well. Cheers, buddy.

[polonus]

Hi malware fighters Scott and mkis,

Thanks for the additional info, forum friends,  Adobe has been under malware flak too long now and their patch cycle cannot keep up with what is uncoming, as this cannot be patched as Didier Stevens mentions then it is better to shun Adobe's PDF software until they really will clean up their act,

polonus

[Hermite15]

OK this is all interesting, and I (seriously) don't doubt a second about the existence of Adobe Reader or Flash vulnerabilities. This said, I'm still waiting for my first Adobe related infection

[MikeBCda]

My personal third-party choice is Tracker's PDF-XChange Viewer (freeware, at least the version I've got).

If I understand correctly, the vulnerability is in Adobe's reader itself, rather than anything inherent in PDF coding, so 3rd party viewers should be OK.

I suspect Adobe has a general attitude problem about proper security.  Maybe my sense of what happened when is a little fuzzy, but didn't all the problems with Flash start more or less when Adobe took that (and Shockwave generally) over?

[polonus]

Hi Logos,

The case is worse than the responders thought, it is not only Adobe PDF that is holed, it is all PDF, in Foxit it is even worse that you get no warning and still the POC works. Use this to test: http://didierstevens.com/files/data/launch-action-cmd.zip   If cmd.exe is started well  :'(
It is broken, folks, it is broken, they are going for broke!!! This is the POC for Foxit Reader: http://twitter.com/riotz/status/11281340909
But PDF-XChange Viewer still standing, nothing being executed only thing you get is an error after the warning....

polonus