Slashdot Mirror


Homemade PDF Patch Beats Adobe By Two Weeks

CWmike writes "Sourcefire security researcher Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks. Grenier posted the patch on Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees. Also, PhishLabs has created a batch file that resets a Windows registry key to de-fang the hack by disabling JavaScript in Adobe Reader 9.0, giving administrators a way to automate the process."

23 of 238 comments

  1. Offensive by Feminist-Mom · · Score: 0, Funny

    From the article:

    "This thing is so simple to use that you're grandmother could patch it."

    As a 49 yo grandmother, c programmer and feminist, I find this offensive.

    1. Re:Offensive by Anonymous Coward · · Score: 2, Funny

      Thank you for letting the Slashdot community know what you find offensive... is this because you think it's interesting, or because you have no friends to talk with?

    2. Re:Offensive by Anonymous Coward · · Score: 5, Funny

      I'll go for the secret third option, "because she's a feminist". Letting the world know what they find offensive is practically the feminists' national sport. Rather, it would be if they had their own country. And by God, I wish they did.

    3. Re:Offensive by bane2571 · · Score: 2, Funny

      So, you're saying your grandmother couldn't install the patch? Or are you trying to imply that your 13 year old or younger grandchildren are nerdy enough to read slashdot?

    4. Re:Offensive by Anonymous Coward · · Score: 5, Funny

      Yeah, you're right. It's terrible when people use an apostrophe when they mean "your".

    5. Re:Offensive by Anonymous Coward · · Score: 5, Funny

      Q: How many feminists does it take to change a lightbulb?
      A: That is NOT funny.

    6. Re:Offensive by Anonymous Coward · · Score: 1, Funny

      Q: How many feminists does it take to change a lightbulb?
      A: Trick question, feminists can't change anything.

    7. Re:Offensive by FlyingBishop · · Score: 3, Funny

      Dude, you should really be careful. I don't think you realize who you're talking to.

      Posting AC is only going to keep you safe for so long.

      That also goes for everyone who modded her down.

    8. Re:Offensive by JorDan Clock · · Score: 5, Funny

      Q: How many feminists does it take to change a lightbulb?

      A: Four. One to change the lightbulb, three to form a support group.

      But really, it's a trick question because feminists can't change anything.

    9. Re:Offensive by electrosoccertux · · Score: 2, Funny

      Unrelated to the feminist jokes, but related to lightbulbs:

      Q: How many psychiatrists does it take to change a lightbulb?
      A: Only one, but the lightbulb has to want to change.

    10. Re:Offensive by Anonymous Coward · · Score: 1, Funny

      So to paraphrase....That is NOT funny!

    11. Re:Offensive by houghi · · Score: 2, Funny

      One to change the light bulb and to post that the light bulb has been changed.

      Fourteen to share similar experiences of changing light bulbs and how the light bulb could have been changed differently.

      Seven to caution about the dangers of changing light bulbs.

      Seven more to point out spelling/grammatical errors in posts about changing light bulbs.

      Five to flame the spell checkers.

      Three to correct spelling/grammar flames.

      Six to argue over whether it's "lightbulb" or "light bulb" ... another six to condemn those six as stupid.

      Fifteen to claim experience in the lighting industry and give the correct spelling.

      Nineteen to post that this group is not about light bulbs and to please take this discussion to a lightbulb (or light bulb) forum.

      Eleven to defend the posting to the group saying that we all use light bulbs and therefore the posts are relevant to this group.

      Thirty six to debate which method of changing light bulbs is superior, where to buy the best light bulbs, what brand of light bulbs work best for this technique and what brands are faulty

      Seven to post URLs where one can see examples of different light bulbs.

      Four to post that the URLs were posted incorrectly and then post the corrected URL.

      Three to post about links they found from the URLs that are relevant to this group which makes light bulbs relevant to this group.

      Thirteen to link all posts to date, quote them in their entirety including all headers and signatures, and add "Me too"

      Five to post to the group that they will no longer post because they cannot handle the light bulb controversy.

      Four to say "didn't we go through this already a short time ago?"

      Thirteen to say "do a Google search on light bulbs before posting questions about light bulbs"

      Three to tell a funny story about their show dog and a light bulb.
      One to reply almost immediately saying "First Post !!!!!!"

      One to post an ASCII image of the lightbulb.

      Three to ask "Wtf is that" because their clients didn't display it as fixed-width.

      Seventeen to reply saying that their e-mail client is inadequate and suggest they get Mutt.

      One to reply with a perfectly labelled scale diagram of how to change a light bulb correctly.

      Thirty-three to reply telling them not to send HTML e-mails or attachments, and why don't they just use Mutt and ASCII art anyway.

      Two to ask "but does it run Linux ?".

      One to make a comment about the upcoming Microsoft Digital Lightbulb Management 2007 SP2 RGE.

      Two to suggest that Apple lightbulbs are superior.

      Seventy-five to start a massive off-topic Apple vs Microsoft flamewar.

      Forty-two to continue it into a Python vs Perl flamewar.

      One lonely poster to unsuccessfully try to start a HP-UX vs IRIX flamewar

      One hundred and seventy-eight to respond at various times saying
      "Troll!!"
      "OMG WTF TROLL !!!!!!one
      LOL" "Don't Feed Da Troll!!1", etc...

      AND

      One group lurker to respond to the original post 6 months from now and start it all over again

      --
      Don't fight for your country, if your country does not fight for you.
  2. Re:JavaScript?! by IceCreamGuy · · Score: 4, Funny

    Uh, duh, to get on the front page of /.

  3. Reply: Adobe to Lurene Grenier by Lead Butthead · · Score: 4, Funny

    Lurene Grenier to Adobe: Pay up! We solved your issue.

    Adobe to Lurene Grenier: You decompiled Acrobat in some way to create this fix, in violation of click-through license and DMCA (not to mention making us look incompetent.) We're suing you and we're going to make sure your government put you away in a pound-you-in-the-ass prison for a long long time.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  4. Wow by ClosedSource · · Score: 5, Funny

    You mean an individual who doesn't have a business to protect or any customers is able to come up with an un-QA'd version faster than the company that produced the product. Amazing!

  5. Articles reading the future? by Facegarden · · Score: 4, Funny

    What I find more interesting is how slashdot is now able to tell the future!
    The article boldly claims that something released yesterday has arrived two weeks before the official patch. Now, I know it's possible that the two weeks was taken from Adobe's projected patch fix date, but projections and fact are still different, and journalistic integrity requires a writer in this situation to indicate directly that this two weeks is not actually fact, as we couldn't know that yet. The headline is an outright lie, as far as I can tell, as it relies on future events being a certain way.

    Can we not have articles started with lies on slashdot from now on? Maybe keep the lies towards the end?
    -Taylor

    --
    Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
  6. Re:Feature Request by MMC Monster · · Score: 3, Funny

    How about: "Do you want to prevent the execution of possibly malicious code in this .PDF file?" [Yes][No].

    If they select No, the next dialog is: "Fine. I've just opened all the ports on the computer, deleted the last 10 documents you opened up, and loaded up a couple trojans. Are you sure you want to run the executable code in this PDF file now?" [Yes][No].

    This way, the user won't be taught to always select the same confirmation box all the time.

    --
    Help! I'm a slashdot refugee.
  7. It's been Two Weeks since you made the patch ... by Anonymous Coward · · Score: 5, Funny

    Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability ... beating Adobe Systems Inc. to the punch by more than two weeks.

    What the fuck Adobe? What did you do for those extra two weeks?

    it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.

    Oh ... I guess you were trying to make it work on all systems, and checking to make sure that it didn't royally fuck up the user's computer, or introduce another, potentially more serious vulnerability.

  8. Really? by tool462 · · Score: 4, Funny

    "caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees."

    My boss will be pleased. I can push all my releases up at LEAST two weeks earlier now by adding this caveat on to all of my code. Thanks, Geritol.

  9. Re:JavaScript?! by Penguinshit · · Score: 4, Funny

    I actually used JavaScript in PDF to create interactive forms for the corporate intranet. It was pretty because I could use Photoshop to create the underlying image.

    Then I quit drinking and realized Excel with tweaked permissions was far better suited to the task. It wasn't as smooth looking but it was easier for my staff to update.

  10. Re:Why doesn't anyone think javascript is useful? by XnavxeMiyyep · · Score: 4, Funny

    I'm not sure I understand the overwhelmingly negative reaction to javascript in pdf files.
    ...
    There are great ways to include animations directly in the pdf that use javascript.

    Hmm.... I think I see a connection here.

    --
    I put the 't' in electrical engineering.
  11. Re:Feature Request by Ravon Rodriguez · · Score: 4, Funny

    An old saying goes "Programming is a race between programmers building better idiot-proof software, and the Universe building better idiots. So far, the Universe is winning."

    --
    Jesus loves me, he loves me a bunch, because he always puts Jiffy in my lunch.
  12. Re:JavaScript?! by Anonymous Coward · · Score: 1, Funny

    I'm totally with you there. PDF is a document format - it's supposed to be and act like paper. And who in their right mind would put a FORM on paper and ask people to FILL IT OUT, thereby EDITING the paper document?

    Verily, the mind boggles.