Slashdot Mirror


Attackers Infect Ads With Old Adobe Vulnerability

thethibs writes "eWeek is reporting that just as everyone is buzzing about the latest Adobe vulnerability, someone poisoned ads hosted by Ziff-Davis with an older Adobe exploit (affecting versions 8.12 and earlier, and long since patched). Z-D fixed the problem less than 24 hours after its first appearance. The interesting bit of this is that a bunch of people probably got hit with the old Trojan when they browsed to a story about the new one."


  1. Re:another good reason...... by Anonymous Coward · · Score: 4, Insightful

    Yeah, because people like you (running noscript) are so likely to be running a 2-year-old version of Reader.

  2. Documents are not applications by Gothmolly · · Score: 5, Insightful

    If a "document" wants to _do_ anything, then it is not a document, and should be given the same trust as other programs. The Microsoftification of the world must stop.

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Documents are not applications by Gadget_Guy · · Score: 3, Insightful

      Microsoft predates this with their stupid decision to have macros in Word 6.0 back in 1993. The first time that I read about that feature (that the macros could be saved in the document) I said that it would get used for making a virus. It actually took a surprisingly long time for the first virus to be released.

      I imagine that there must have been some similar "feature" in spreadsheets before that.

  3. Don't use AR. If you must use AR, turn off JS. by bcrowell · · Score: 4, Insightful

    Don't have anonymous sex with strangers in bath-houses. Or if you must have anonymous sex with strangers in bath-houses use a condom. This has been a public service message.

    In other words, don't use AR. Use Evince (on Linux) or Sumatra PDF (Windows). If you must use AR, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".

    No, none of this has much to do with PDF's merits as a file format. Embedding JS in PDF was a mistake. The mistake won't hurt you if you take these elementary precautions.

  4. Re:So what exactly happened? by Phroggy · · Score: 4, Insightful

    I loaded eweek in Firefox, and adblock stopped ads from Doubleclick, Googlesyndication, and Atdmt.com. I'm guessing it came from the last one.

    These are huge advertisers (atdmt.com is Microsoft, and you probably know that Google bought DoubleClick). Was one of them hacked? If so, what does this have to do with ZD at all?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  5. Re:another good reason...... by Akzo · · Score: 5, Insightful

    Unless the malicious code was placed on any one of the authors sites or another trusted site.

    --
    Sig is for Signature, so you don't have to manually sign every post.
  6. Word macros aren't really the problem. by TiggertheMad · · Score: 3, Insightful

    It's the decision to allow the macro script to do other things outside of a Word doc that is the problem.

    Who cares if accountants have macros that autosum three pages of figures? I just want to punch the idiot who thought that it's OK to have a macro alter/save files other than the active file, or connect to outside data sources (e.g. teh intarwebz) without a big freakin' popup asking for a manual confirmation.

    What probably happened is some clever punk thought it would be smart to just tie it to the VBScript engine, and let anything happen, rather than developing a special macro language for Office.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  7. Re:Work computers by Ilgaz · · Score: 2, Insightful

    I understand the resistance to upgrading a major version (9), but if one, especially a company, doesn't apply a free update to the same major version, that system is not managed and should be taken off the internet.

    As far as I know, Adobe uses the ultra-paranoid Microsoft installer on Windows, and it has excellent admin options like rollback and deployment.

    An old computer isn't an excuse; they are being really lazy. I mean, one should use the advantages of the platform if they are stuck with it.