 antdude (A Ninja Ant, Premium,VIP) join:2001-03-25 United State kudos:4 | "'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe ... 0-day
New security hole: How an evil URL will ruin your day..."
»www.theregister.co.uk/2013/01/11···in_vuln/ |
|
 Lagz (Premium) join:2000-09-03 The Rock
| Perfect example of why I no longer use browser plug-ins to open files within a browser when I can avoid it. Foxit doesn't require you to install the plugin and lets you open the PDF independently of the browser. I use Foxit reader and will continue using it, without the plugin of course. I hate my browser being able to internally open anything. I minimize using the browser to open files internally at all cost. The only browser plugins I use or would recommend are Adblock Plus and NoScript. -- When somebody tells you nothing is impossible, ask him to dribble a football. |
|
 StuartMW (Who Is John Galt?, Premium) join:2000-08-06 Galt's Gulch kudos:2 | I hate opening any file within a browser. I either "Save As" or have my browser configured to do so. Downloaded files are then scanned with AV before opening. -- Don't feed trolls--it only makes them grow! |
|
 therube join:2004-11-11 Randallstown, MD | reply to antdude quote: Note that that exploit deals with the Plugin (npFoxitReaderPlugin.dll), so if you don't install the Plugin ... 
»[Updated] [Free] Foxit PDF Reader 5.4.4 |
|
 Blackbird (Built for Speed, Premium) join:2005-01-14 Fort Wayne, IN kudos:3
1 edit | reply to antdude It's the same old war between convenience and security. I, like Lagz and StuartMW, never open apps files within a browser. I first download the file and then scan it sixteen-ways-to-Sunday with multiple AV tools before opening it directly within the appropriate application. I consider that merely an ordinary element of "safe hex".
On the other hand, I personally know many users who want the file to open directly in the browser... for "speed and convenience". Some of them have gotten badly infected that way, others of them seem to perpetually be struggling with various functional problems with their browser when it attempts to open the connections to the appropriate viewer or apps software... and their resolved problems seem to revisit them almost every time their browser version is updated. That seems to me to be a high risk to run and a lot of frustration to wrestle with, all in the name of 'speed and convenience'. -- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville |
|
 siljaline (I'm lovin' that double wide, Premium) join:2002-10-12 Montreal, QC kudos:17
| reply to antdude Also spotted: • »www.h-online.com/security/news/i···636.html
-- Another day, another Java 0-day exploit in the wild ... |
|
 StuartMW (Who Is John Galt?, Premium) join:2000-08-06 Galt's Gulch kudos:2
| reply to Blackbird said by Blackbird:..."speed and convenience". Some of them have gotten badly infected that way... In the engineering world there's the time, cost, quality triangle--pick any two.
Perhaps there's a speed, convenience, security triangle too.
PS: Maybe I should explain that better. The point is that whatever two you pick you lose/give up the third. -- Don't feed trolls--it only makes them grow! |
|
 | In IT it's called the "cheap-fast-perfect" triangle.
In ITSec it's called the "secure-convenient-intrusive" triangle.
Regards |
|
 StuartMW (Who Is John Galt?, Premium) join:2000-08-06 Galt's Gulch kudos:2
| I figured there was an equivalent.
I used to have a big printed copy of the triangle on my cubicle wall. I'd point to it when someone in management came to ask about stuff -- Don't feed trolls--it only makes them grow! |
|
 ashrc4 (Premium) join:2009-02-06 australia | reply to antdude Does nobody else surf/open PDFs using Sandboxie properly configured? Call it "Proactive layered HEX". |
|