| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | |
ml> the problem, though, is that those old versions have security holes so ml> large that you can fly a squadron of F-86's thru them... things like ml> javascript execution and bugs in the rendering engine that allow ml> malformed documents to be loaded and overrun the buffers which then lead ml> to code execution that you have no visual indication is even taking ml> place... JP> I posted just now, that I D/L'd a new reader. I wonder if it is JP> also subject to invasions ? i don't know... i only know that adobe stuff has a lot of holes and has had some of them for years... flash and pdf are both used as infiltration mechanisms with pdf being much more common... i know that in the IDS/IPS stuff i work with, we are always looking inside pdf files for critters and their code... have you ever gotten a surprising "spam" from fedex or ups in your email? many of those were carrying pdfs full of critters... what they do is carry the critter code that checks what adobe, java and a few other packages you have installed... they already know what holes they are looking for so the critter then hits the 'net at their special site with a url that tells them what apps you have... they then serve up the critters that drive thru the holes in those apps and infect you with one or more of their own tools... once that's done, they have control over your machine and can update their tools or use your machine in their botnets or even just wait in their tools to send them the info on your activities and the keylogger data they record as you log into your accounts and access your bank accounts... the above can also happen just by viewing an advertisement on some clean and legitimate site if they are lucky enough to get an ad campaign running on an advertising network without it being vetted or looked at too closely... this happened in the last months and sites like abc.com, nfl.com, nbc.com and other really huge brand name sites were displaying these ads and infesting many of their users... i remember the huge flurry of activity as we moved to catch these attacks and get the ads pulled from the advertising network's servers... )\/(ark* Origin: (1:3634/12) SEEN-BY: 3/0 633/267 640/954 712/0 620 848 @PATH: 3634/12 123/500 387/22 261/38 712/848 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.