Slashdot Mirror
Attackers Infect Ads With Old Adobe Vulnerability
thethibs writes "eWeek is reporting that just as everyone is buzzing about the latest Adobe vulnerability, someone poisoned ads hosted by Ziff-Davis with an older Adobe exploit (affecting versions 8.12 and earlier, and long since patched). Z-D fixed the problem less than 24 hours after its first appearance. The interesting bit of this is that a bunch of people probably got hit with the old Trojan when they browsed to a story about the new one."
Yeah, because people like you (running noscript) are so likely to be running a 2-years-old version of Reader.
If a "document" wants to _do_ anything, then it is not a document, and should be given the same trust as other programs. The Microsoftification of the world must stop.
I want to delete my account but Slashdot doesn't allow it.
Don't have anonymous sex with strangers in bath-houses. Or if you must have anonymous sex with strangers in bath-houses use a condom. This has been a public service message.
In other words, don't use AR. Use Evince (on Linux) or Sumatra PDF (Windows). If you must use AR, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".
No, none of this has much to do with PDF's merits as a file format. Embedding JS in PDF was a mistake. The mistake won't hurt you if you take these elementary precautions.
Find free books.
I loaded eweek in Firefox, and adblock stopped ads from Doubleclick, Googlesyndication, and Atdmt.com. I'm guess it came from the last one.
These are huge advertisers (atdmt.com is Microsoft, and you probably know that Google bought DoubleClick). Was one of them hacked? If so, what does this have to do with ZD at all?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Unless the malicious code was placed on any one of the authors sites or another trusted site.
Sig is for Signature, so you don't have to manually sign every post.