
 Forum DhammaCitta. Forum Diskusi Buddhis Indonesia

Author Topic: The Biggest Security Hole on the Web?  (Read 1537 times)


hatRed
The Biggest Security Hole on the Web?
« on: 15 August 2009, 09:55:36 AM »
source :  http://www.webpronews.com/topnews/2009/08/13/the-biggest-security-hole-on-the-web




Security Company Points to Flash/Acrobat Reader Vulnerabilities



Two weeks ago, Adobe released a critical patch for Flash Player and Acrobat Reader. According to online security company Trusteer, about 80% of users are still vulnerable, and perhaps more startling, the company views this as being possibly the biggest security hole on the Internet today.

That 80% figure is based on Trusteer's installed base of over 2.5 million online banking users of the company's security service.

"The penetration of Adobe Flash and Acrobat is unparalleled," a spokesperson for Trusteer tells WebProNews. "According to Adobe, 99% of Internet users run Flash."

So if so many people on the web are running Flash, and Adobe released the patch two weeks ago, why are so many still vulnerable? Trusteer thinks Adobe just has issues with distributing patches.

"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.  For some reason, it is not effective enough in distributing security patches to the field," says Trusteer CEO Mickey Boodaei. "Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately."

According to Trusteer, targeting products like Flash and Acrobat is attractive to wrongdoers because they reach such a huge portion of Internet users. Browser use is much more diversified, with Internet Explorer reaching about 65% of users and Firefox reaching 30%. Targeting Adobe's products just covers a lot more people.



i'm just a mammal with troubled soul



hatRed
Re: The Biggest Security Hole on the Web?
« Reply #1 on: 15 August 2009, 09:58:08 AM »
the comments are more interesting =))

By slack7639 (WPN reader) - Fri, 08/14/2009 - 07:14
Adobe Flash
Much exposure because their updates are difficult.
You have to use their un-installer first:

Download and use the Flash un-installer:
http://kb2.adobe.com/cps/141/tn_14157.html

Reboot to clear out any left over ocx files.

Reinstall the latest Flash Player:
http://www.adobe.com/software/flash/about/

Re-run Secunia
http://secunia.com/vulnerability_scanning/personal/



By Guest (WPN reader) - Fri, 08/14/2009 - 09:16
Adobe Bloatware
This just confirms my belief - based on many years of experience - that Adobe creates garbage. The Adobe applications in general are bug ridden, bloated beyond belief, cause many more problems on local machines than any other software vendor out there, and are difficult to update. Period.



By Guest (WPN reader) - Fri, 08/14/2009 - 04:56
Haha, unlike Windows and alike, Linux (Ubuntu at least) receives patches really fast. When the XML lib exploit was found it took only 3 days to get a system update.

So yeah, no system is completely secure but at least some provide patches as fast as it is humanly possible.

But in a sense am glad more and more bugs are being found in Linux. Means it's gaining more attention.

If you ask me... Adobe just makes poor quality software. Linux version of its popular flash player is just terrible. Often it will eat all your memory, crash browser or just take too much CPU. Am not too surprised when I see reports like this.





By UnremittingCoward (WPN reader) - Fri, 08/14/2009 - 11:31
Linux patches come out fast huh, like the ones for this defect you mean;
it's a kernel vulnerability that's been there for what, only 8 years.

http://www.theregister.co.uk/2009/08/14/critical_linux_bug/





By Guest (WPN reader) - Fri, 08/14/2009 - 12:45
Linux patches come out fast once the patches are released. You can't expect patches to be delivered to your system before creating them... the kernel vulnerability was there for 8 yrs without being known to anyone.. it was found only now and a patch will be written soon and it reaches everyone soon




By BoardHack (WPN reader) - Fri, 08/14/2009 - 16:24
The point is, the security hole was unknown to the general public for the last 8 years. This doesn't mean that serious hackers weren't aware of it and exploiting it for the better part of a decade. They most likely were. The more widespread an app is, the quicker an issue will be noticed, and the more pressing the onus will be to fix it.




By olga (WPN reader) - Fri, 08/14/2009 - 02:48
It is indeed. All mac users are vulnerable?
Thanx




By Liam (WPN reader) - Fri, 08/14/2009 - 03:47
Yes...
Yes, Mac, Linux, and of course Linux, or basically any OS with a browser and Flash are 100% vulnerable to attacks. BUT the attacks may be more limited per OS, as Linux is hard to do anything with w/o a root pass, Mac is generally the same, and Windows is quite easy to play around with.




By Philip Daniels (WPN reader) - Fri, 08/14/2009 - 11:36
you might wanna read this Liam, a kernel bug that's been there for 8 years, which kernel - the linux kernel

http://www.theregister.co.uk/2009/08/14/critical_linux_bug/





By Guest (WPN reader) - Fri, 08/14/2009 - 07:06
A hacker has to find both a bug and the way to actually exploit it, but for both the browser and the operating system. Here is where Windows (Vista onwards) shines since it offers execution protection (not all memory is allowed to run code), randomized memory addresses, etc. This sandboxed model actually makes jumping from the browser to the OS much harder and that's why bugs on Windows nowadays cost at least 10k usd whereas similar ones for macos cost around 500 usd.

The legacy of 10 years of unsecure Windows experience has left MS more security conscious (even though still vulnerable like any other software) than other companies that rely on obscurity or irrelevance to cover their bases.




By Guest (WPN reader) - Fri, 08/14/2009 - 04:42
silly fanboy
http://www.theregister.co.uk/2009/08/14/critical_linux_bug/




like little kids squabbling over whose is better.. =))
i'm just a mammal with troubled soul


