Full Disclosure mailing list archives

Re: Adobe Flash UpdateInstalls Other Warez without Consent

From: Benji <me () b3nji com>
Date: Tue, 18 Sep 2012 15:54:26 +0100

If you can't program them or secure them, you might as well paint on them.


Quote taken from the "How to treat your girlfriend for dummies"

On Mon, Sep 17, 2012 at 6:59 PM, Jeffrey Walton <noloader () gmail com> wrote:

Hi Christian,

So, I was updating flash on a computer lately, when I noticed the
prompt below*, reminding me of this conversation.

Its a different URL. The URL I used was provided by the Adobe Flash Update
Service.

Considering how bad they've done in userland, its a scary thought they are
installing software at an elevated privilege level (and IT allows it).

or maybe it just took me a few weeks to photoshop this....

 If you can't program them or secure them, you might as well paint on them.

Jeff

On Mon, Sep 17, 2012 at 1:39 PM, Christian Sciberras <uuf6429 () gmail com>wrote:

So, I was updating flash on a computer lately, when I noticed the prompt
below*, reminding me of this conversation.

*or maybe it just took me a few weeks to photoshop this....you decide.

To the more reasonable readers, I guess Adobe could have had a genuine
mistake / bug in their code....nothing new.
Don't know why it's such a big deal.



[image: Inline image 1]
On Sun, Sep 9, 2012 at 11:21 PM, Marcio B. Jr. <marcio.barbado () gmail com>wrote:

You may be interested in getting acquainted with the fact that life is
possible (it's actually stupendously better) without crapware.

On Thu, Sep 6, 2012 at 2:09 PM, Jeffrey Walton <noloader () gmail com>
wrote:

The company that writes the worlds most insecure software [1,2,3] has
figured out a way to further increase an attack surface.

Adobe now includes additional warez in their updates without consent.
The warez includes a browser and tools bar. The attached image is what
I got when I agreed to update Adobe Flash because of recent security
vulnerability fixes.

It appears Adobe has become a whore to Google like Mozilla.

+1 Adobe.

[1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
[2]

http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on

[3]

http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/

[4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/

[SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Adobe Flash UpdateInstalls Other Warez without Consent, (continued)
- - Re: Adobe Flash UpdateInstalls Other Warez without Consent Jeffrey Walton (Sep 06)
    - Re: Adobe Flash UpdateInstalls Other Warez without Consent Gage Bystrom (Sep 06)
- Re: Adobe Flash UpdateInstalls Other Warez without Consent Christian Sciberras (Sep 06)
- Re: Adobe Flash UpdateInstalls Other Warez without Consent Jeffrey Walton (Sep 06)
  - Message not available
    - Re: [funsec] Adobe Flash UpdateInstalls Other Warez without Consent Jeffrey Walton (Sep 06)
    - Re: [funsec] Adobe Flash UpdateInstalls Other Warez without Consent Jeff MacDonald (Sep 06)
- Re: Adobe Flash UpdateInstalls Other Warez without Consent Mark (Sep 07)
- Re: Adobe Flash UpdateInstalls Other Warez without Consent Marcio B. Jr. (Sep 09)
  - Re: Adobe Flash UpdateInstalls Other Warez without Consent Christian Sciberras (Sep 18)
    - Re: Adobe Flash UpdateInstalls Other Warez without Consent Jeffrey Walton (Sep 18)
    - Re: Adobe Flash UpdateInstalls Other Warez without Consent Benji (Sep 19)
    - Re: Adobe Flash UpdateInstalls Other Warez without Consent Nick Boyce (Sep 18)