|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Petja van der Lek (lek
xs4all.nl)
Date: Mon Jul 28 2008 - 12:08:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Fear not: NoScript and Foxit are my trusty companions and Adobloat has
been banished to a toxic storage VM a long time ago. My message was just
intended as a public service notice, in the off chance that there are
still some people out there that haven't taken similar precautions.
(*remembers what list he's on before letting voice trail off into
silence and trying to leave the room unnoticed*). Nothing to see here.
Carry on.
Dave Korn wrote:
> Petja van der Lek wrote on 28 July 2008 16:22:
>
>
>> A word of warning might be in order: the PDF is filled with hyperlinks
>> to (presumably) live malware sites. Navigating the document is therefore
>> not unlike playing Minesweeper. Red flags are not powerups but mean
>> "danger". Mis-click to get pwned.
>>
>
> <boggle> You allow your browser to run javascript ... by default? ... or
> only specifically when studying malware?
>
>
>> Stuff like that. You might want to use
>> a reader that at least asks for confirmation before it serves up the
>> site in your browser (a quick test shows that Adobe Reader 7 as a
>> Firefox plugin
>>
>
> <double-boggle> You read PDFs in your browser using the plugin?[*]
>
>
>> happily opens a link without asking anything, for instance).
>>
>
> You're barking up the wrong hole here. The problem isn't that if you
> click a link in a PDF document viewed in your browser you will browse
> straight to it; that's no different than clicking a link on a HTML page
> viewed in your browser, and you wouldn't expect it to ask before it followed
> a link there. The problem is that you're running untrusted scripts: you're
> as vulnerable to getting pwned by an iframe banner ad on MSN or Yahoo as you
> are to clumsily clicking a link in a document about malware.
>
>
> Seriously, nobody should even be here if they don't appreciate that
> they're dealing with live munitions and know how to handle them safely.
>
> cheers,
> DaveK
>
> [*] - that's not really a security boggle, that's more of a
> how-the-hell-long-before-I-get-control-of-my-browser-back-thank-you-very-muc
> h-adobe-and-your-godawful-bloatware boggle. Though of course I would still
> recommend downloading PDFs with "Save link as..." and viewing them in foxit
> so that they're not in the same process space as your browser, just for a
> bit of added insulation.
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]