Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Petja van der Lek (lekxs4all.nl)
Date: Mon Jul 28 2008 - 12:08:41 CDT
Fear not: NoScript and Foxit are my trusty companions and Adobloat has
been banished to a toxic storage VM a long time ago. My message was just
intended as a public service notice, in the off chance that there are
still some people out there that haven't taken similar precautions.
(*remembers what list he's on before letting voice trail off into
silence and trying to leave the room unnoticed*). Nothing to see here.
Dave Korn wrote:
> Petja van der Lek wrote on 28 July 2008 16:22:
>> A word of warning might be in order: the PDF is filled with hyperlinks
>> to (presumably) live malware sites. Navigating the document is therefore
>> not unlike playing Minesweeper. Red flags are not powerups but mean
>> "danger". Mis-click to get pwned.
> only specifically when studying malware?
>> Stuff like that. You might want to use
>> a reader that at least asks for confirmation before it serves up the
>> site in your browser (a quick test shows that Adobe Reader 7 as a
>> Firefox plugin
> <double-boggle> You read PDFs in your browser using the plugin?[*]
>> happily opens a link without asking anything, for instance).
> You're barking up the wrong hole here. The problem isn't that if you
> click a link in a PDF document viewed in your browser you will browse
> straight to it; that's no different than clicking a link on a HTML page
> viewed in your browser, and you wouldn't expect it to ask before it followed
> a link there. The problem is that you're running untrusted scripts: you're
> as vulnerable to getting pwned by an iframe banner ad on MSN or Yahoo as you
> are to clumsily clicking a link in a document about malware.
> Seriously, nobody should even be here if they don't appreciate that
> they're dealing with live munitions and know how to handle them safely.
> [*] - that's not really a security boggle, that's more of a
> h-adobe-and-your-godawful-bloatware boggle. Though of course I would still
> recommend downloading PDFs with "Save link as..." and viewing them in foxit
> so that they're not in the same process space as your browser, just for a
> bit of added insulation.
Dailydave mailing list