Dailydave mailing list archives
Re: Blog spam, obfuscated javascript and more!
From: Petja van der Lek <lek () xs4all nl>
Date: Mon, 28 Jul 2008 19:08:41 +0200
Fear not: NoScript and Foxit are my trusty companions, and Adobloat has been banished to a toxic storage VM a long time ago. My message was just intended as a public service notice, on the off chance that there are still some people out there who haven't taken similar precautions. (*remembers what list he's on before letting voice trail off into silence and trying to leave the room unnoticed*). Nothing to see here. Carry on.
Dave Korn wrote:
> Petja van der Lek wrote on 28 July 2008 16:22:
>
>> A word of warning might be in order: the PDF is filled with hyperlinks
>> to (presumably) live malware sites. Navigating the document is therefore
>> not unlike playing Minesweeper. Red flags are not powerups but mean
>> "danger". Mis-click to get pwned.
>
> <boggle> You allow your browser to run javascript ... by default? ... or
> only specifically when studying malware?
>
>> Stuff like that. You might want to use a reader that at least asks for
>> confirmation before it serves up the site in your browser (a quick test
>> shows that Adobe Reader 7 as a Firefox plugin
>
> <double-boggle> You read PDFs in your browser using the plugin?[*]
>
>> happily opens a link without asking anything, for instance).
>
> You're barking up the wrong hole here. The problem isn't that if you
> click a link in a PDF document viewed in your browser you will browse
> straight to it; that's no different than clicking a link on an HTML page
> viewed in your browser, and you wouldn't expect it to ask before it
> followed a link there. The problem is that you're running untrusted
> scripts: you're as vulnerable to getting pwned by an iframe banner ad on
> MSN or Yahoo as you are to clumsily clicking a link in a document about
> malware. Seriously, nobody should even be here if they don't appreciate
> that they're dealing with live munitions and know how to handle them
> safely.
>
> cheers,
> DaveK
>
> [*] - that's not really a security boggle, that's more of a
> how-the-hell-long-before-I-get-control-of-my-browser-back-thank-you-very-much-adobe-and-your-godawful-bloatware
> boggle. Though of course I would still recommend downloading PDFs with
> "Save link as..." and viewing them in foxit so that they're not in the
> same process space as your browser, just for a bit of added insulation.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
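The practical problem in the thread is a PDF whose links you would rather read than click. As an added example that is not part of the original thread or either poster's tooling, the following Python scanner lists the /URI targets, inline JavaScript and action types (Launch, URI, GoToR, ...) found in an uncompressed PDF without rendering it, so the "Minesweeper" document can be triaged with no viewer involved. The sample PDF bytes are constructed for this example; the `malware.example.invalid` host is a placeholder, not a real site. Real malicious PDFs usually hide these objects in FlateDecode object streams, which this script does not inflate; it flags `/ObjStm` so you know to decompress and rescan.

```python
import binascii
import re
from collections import Counter

# Constructed sample (not a real document): one URI link annotation, an
# OpenAction that runs JavaScript, and a Launch action, all uncompressed.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://malware.example.invalid/a.exe) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /Launch /F (cmd.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

_HEX_STRING = re.compile(rb"<([0-9A-Fa-f\s]*)>")
# Action subtypes worth counting; /S /URI is the link action itself.
_ACTION = re.compile(
    rb"/S\s*/(JavaScript|Launch|URI|GoToR|GoToE|SubmitForm|ImportData|Named)\b")


def _literal_string(data, start):
    """Parse a PDF literal string whose '(' is at data[start].

    Returns (decoded_bytes, index_after_closing_paren). Handles nested
    balanced parentheses and backslash escapes, including octal \\ddd.
    """
    if data[start:start + 1] != b"(":
        raise ValueError("literal string must start with '('")
    simple = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
              b"(": b"(", b")": b")", b"\\": b"\\"}
    out, depth, i = bytearray(), 0, start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            nxt = data[i + 1:i + 2]
            if nxt in simple:
                out += simple[nxt]
                i += 2
            elif nxt.isdigit():
                j = i + 1
                while j < i + 4 and data[j:j + 1].isdigit():
                    j += 1
                out.append(int(data[i + 1:j], 8) & 0xFF)
                i = j
            else:  # line continuation or unknown escape: drop the backslash
                i += 2
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                out += c
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out), i + 1
            out += c
        else:
            out += c
        i += 1
    raise ValueError("unterminated literal string")


def _string_values(pdf, key):
    """All direct string values of /key in document order (literal or hex).

    Indirect values such as '/JS 6 0 R' point at a stream and are skipped.
    """
    pattern = re.compile(rb"/" + re.escape(key) + rb"\s*(?=[(<])")
    values = []
    for m in pattern.finditer(pdf):
        pos = m.end()
        if pdf[pos:pos + 1] == b"(":
            raw, _ = _literal_string(pdf, pos)
        else:
            h = _HEX_STRING.match(pdf, pos)
            if not h:
                continue
            digits = re.sub(rb"\s", b"", h.group(1))
            if len(digits) % 2:
                digits += b"0"  # PDF pads a trailing odd nibble with 0
            raw = binascii.unhexlify(digits)
        values.append(raw.decode("latin-1"))
    return values


def extract_uris(pdf):
    """Link targets the document would open if a /URI action were clicked."""
    return _string_values(pdf, b"URI")


def extract_javascript(pdf):
    """Inline /JS bodies (scripts stored as streams are not decoded here)."""
    return _string_values(pdf, b"JS")


def triage(pdf):
    """Summary a reviewer can read before deciding whether to open the file."""
    return {
        "uris": extract_uris(pdf),
        "javascript": extract_javascript(pdf),
        "actions": Counter(m.group(1).decode() for m in _ACTION.finditer(pdf)),
        "open_action": re.search(rb"/OpenAction\b", pdf) is not None,
        "additional_actions": re.search(rb"/AA\b", pdf) is not None,
        # Content inside object streams is invisible to this scan: inflate first.
        "compressed_objects": re.search(rb"/ObjStm\b", pdf) is not None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

Run it against a saved file with `triage(open("sample.pdf", "rb").read())`; a non-empty `javascript` list or a `Launch` count is the point Dave makes about untrusted script, independent of whether you ever click a link.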
Current thread:
- Blog spam, obfuscated javascript and more! val smith (Jul 28)
- Re: Blog spam, obfuscated javascript and more! Petja van der Lek (Jul 28)
- Re: Blog spam, obfuscated javascript and more! Dave Korn (Jul 28)
- Re: Blog spam, obfuscated javascript and more! Petja van der Lek (Jul 28)
- Re: Blog spam, obfuscated javascript and more! val smith (Jul 28)
- Re: Blog spam, obfuscated javascript and more! Dave Korn (Jul 28)
- Re: Blog spam, obfuscated javascript and more! Petja van der Lek (Jul 28)