Slashdot Mirror
Adobe PDF Exploits In the Wild
mambosauce writes "Brian Krebs, via the security fix blog is reporting that the recent PDF vulnerabilities which were patched only for Adobe Reader 8 and not 7 are being exploited via banner ads. As if there haven't been enough banner ad attacks this year now we have another one targeting one of the most popular applications in the world this weekend. At this rate there won't be many safe applications left to use."
That's what foxit and kpdf are for.
This is just another addition to the mounting list of reasons I block most banner ads. Why should I download something that could be dangerous, and adds no value to my browsing experience? I manually un-block certain sites I know to have decent levels of quality assurance in their ads (Penny Arcade, Slashdot, for example). I'd much rather directly micropay for content than be served completely worthless ads anyhow.
Whack a Catgirl: You know you want to!
Yeah, I got that one, too. Thing is, I don't remember opening an account with Bank Trust. I went to the website and tried logging in with all my various bank logins, and none of them worked. I think someone at Bank Trust really screwed up when they sent that message out. Morons.
...there were web browsers that allowed you to block certain types of code, or had extensions that would perform a similar function...
This is NOT "Adobe PDF Exploits In the Wild" but rather "Adobe Acrobat Reader Exploits In the Wild". The problem in is Reader, not in PDF. That's like calling Outlook scripting worms "email viruses". Oh, wait, blame the technology, not the software. Sorry, I forgot.
It is dangerous to be right when the government is wrong.
Foxit is so much faster and less of a resource hog then adobe reader.
It also doesn't work. For example, two-page documents generally start with page 1 on the right, yet in two-page mode Foxit insists on displaying pages 1 and 2 together, 3 and 4 together, etc. I discovered this when I tried it after seeing comments like the parent and GP posts, and also discovered that there have been bugs logged on this for eons but no-one seems to care about fixing it. The software was uninstalled from my PC within two minutes of installing it and filed under "beyond hope".
One of these days, people on Slashdot will realise that something that is free/or more secure is still worthless if it doesn't actually do the job it's supposed to do.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The article doesn't say explicitly, but I'm assuming this is related to the fact that the default configuration of AR will execute javascript that's embedded in pdf files. This is both a privacy issue (people can track readers) and a security issue (more than one stack overflow bug has been discovered that's related to js). To disable js, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".
There have been a lot of posts along the lines of "why the hell even use AR?" Well on Linux, I actually have Firefox set to open pdf files in xpdf, because it's faster, and I also habitually use xpdf to view pdf files when I'm not in a browser. (Evince is a little slower, but a little more full-featured and modern.) But I also have a copy of AR 8 installed on my Linux box, because it has some features that I find really useful once in a while, and also I want to be able to test my pdf files sometimes and make sure they'll look right for AR users. It's one of only two proprietary apps I have on my machine, the other being Flash. It would be great if the OSS community could produce a pdf viewer that was just a little more full-featured than Evince. (Flash is a whole different issue -- many of the things Gnash can't do, it can't do because of patents.)
Find free books.
True. I usually run at least 6 boxes at a time, just to cover all the major operating systems. I'd never want to be without the software clones I need!
Comment removed based on user account deletion