mysec
Premium Member
join:2005-11-29

1 recommendation

mysec to Lagz


Re: Open a pdf in browser vs in application

said by Lagz:

In the recent Foxit plugin vulnerability, it was the plugin that was at fault and not Foxit reader directly.


Thanks for that update! More reason to keep the plugin disabled.

Note, however, that there is a social engineering component to this exploit:

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link.

----
rich

Lagz
Premium Member
join:2000-09-03
The Rock

1 recommendation

said by mysec:

said by Lagz:

In the recent Foxit plugin vulnerability, it was the plugin that was at fault and not Foxit reader directly.


Thanks for that update! More reason to keep the plugin disabled.

Note, however, that there is a social engineering component to this exploit:

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link.

----
rich

Yep. Sadly there is no fix or update for social engineering.
mysec
Premium Member
join:2005-11-29

1 recommendation

said by Lagz:

Yep. Sadly there is no fix or update for social engineering.


I'm going to make a note of that!

----
rich

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to mysec

said by mysec:

... Note, however, that there is a social engineering component to this exploit:

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link.

----
rich

Much real-world digital maliciousness relies on multiple factors for success, just one of which is social engineering. This is one of the realities that complicates the analysis of a computer exploit event or the prevention of similar attacks against other computer owners. Your software can be fully patched, yet one oops in "safe hex" habits and trouble may loom. Likewise, you can be as "safe hex" careful as humanly possible, but leave some program on a system unpatched and trouble may loom. And so on... Watching posts in this forum over time, one becomes highly aware of just how many ways the various exploit factors interplay to both cause confusion and to make nearly impossible any simple, one-size-fits-all solution to preventing infections.