antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5

2 recommendations

'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day

"New security hole: How an evil URL will ruin your day..."

»www.theregister.co.uk/2013/01/11···in_vuln/


Lagz
Premium
join:2000-09-03
The Rock

2 recommendations

Perfect example of why I no longer use browser plug-ins to open files within a browser when I can avoid it. Foxit doesn't require you to install the plugin and lets you open the PDF independently of the browser. I use Foxit Reader and will continue using it, without the plugin of course. I hate my browser being able to internally open anything. I minimize using the browser to open files internally at all cost. The only browser plugins I use or would recommend are Adblock Plus and NoScript.
--
When somebody tells you nothing is impossible, ask him to dribble a football.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

5 recommendations

I hate opening any file within a browser. I either "Save As" or have my browser configured to do so. Downloaded files are then scanned with AV before opening.
--
Don't feed trolls--it only makes them grow!


therube

join:2004-11-11
Randallstown, MD
reply to antdude
quote:
Note that that exploit deals with the Plugin (npFoxitReaderPlugin.dll), so if you don't install the Plugin ...
»[Updated] [Free] Foxit PDF Reader 5.4.4


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

1 edit

2 recommendations

reply to antdude
It's the same old war between convenience and security. I, like Lagz and StuartMW, never open apps files within a browser. I first download the file and then scan it sixteen-ways-to-Sunday with multiple AV tools before opening it directly within the appropriate application. I consider that merely an ordinary element of "safe hex".

On the other hand, I personally know many users who want the file to open directly in the browser... for "speed and convenience". Some of them have gotten badly infected that way, others of them seem to perpetually be struggling with various functional problems with their browser when it attempts to open the connections to the appropriate viewer or apps software... and their resolved problems seem to revisit them almost every time their browser version is updated. That seems to me to be a high risk to run and a lot of frustration to wrestle with, all in the name of 'speed and convenience'.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to antdude
Also spotted:
• »www.h-online.com/security/news/i···636.html

--
Another day, another Java 0-day exploit in the wild ...


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 recommendation

reply to Blackbird
said by Blackbird:

..."speed and convenience". Some of them have gotten badly infected that way...

In the engineering world there's the time, cost, quality triangle--pick any two.

Perhaps there's a speed, convenience, security triangle too.

PS: Maybe I should explain that better. The point is that whatever two you pick you lose/give up the third.
--
Don't feed trolls--it only makes them grow!

HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

In IT it's called the "cheap-fast-perfect" triangle.

In ITSec it's called the "secure-convenient-intrusive" triangle.

Regards


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

2 recommendations

I figured there was an equivalent.

I used to have a big printed copy of the triangle on my cubicle wall. I'd point to it when someone in management came to ask about stuff.
--
Don't feed trolls--it only makes them grow!


ashrc4
Premium
join:2009-02-06
australia
reply to antdude
Does nobody else surf/open PDFs using Sandboxie properly configured?
Call it "Proactive layered HEX".