Reader Comments (rss)

(Flattened / Threaded)

1.  

   

   Nick Stamoulis, Aug 18th, 2008 @ 5:11pm

   
   

   Wow! Thats pretty sneaky...they never fail to think up new ways to spam huh? Speaking of new ways of spamming, our friend Kate Dickman recently found a malware/spam site randomly ranking for her name on the Google SERP
   
   http://katedickman.com/2008/08/17/oh-my-word-a-new-way-to-spam-serp-spam/
   
   ... scary how many ways they can get you.

    

   [ reply to this | link to this | view in thread ]

2.  

   

   Anonymous Coward, Aug 18th, 2008 @ 5:32pm

   
   

   Another reason to hate flash.

    

   [ reply to this | link to this | view in thread ]

3.  

   

   MAtt, Aug 18th, 2008 @ 7:27pm

   
   

   js vulnerability

   Interesting that there is a clipboard "vulnerability" with IE as it allows JavaScript access to the clipboard, whereas FireFox defaults to no clipboard access. If I recall, FF2 simply doesn't allow it; FF3 lets the user turn it on.
   So, how did the brains at FF miss this Flash vulnerability?

    

   [ reply to this | link to this | view in thread ]

4.  

   

   KB, Aug 18th, 2008 @ 7:49pm

   
   

   Re: js vulnerability

   Probably because they don't have access to the Flash source code and so wouldn't be able to control it.

    

   [ reply to this | link to this | view in thread ]

5.  

   

   MAtt, Aug 18th, 2008 @ 8:07pm

   
   

   Re: Re: js vulnerability

   Does the browser execute Flash, or is it passing it on to the OS? Does IE suffer this vulnerability? The article didn't say, but I suspect if not I wonder if M$ knew about it but failed to mention it to the Mozilla team?

    

   [ reply to this | link to this | view in thread ]

6.  

   

   Dave Barnes, Aug 18th, 2008 @ 8:30pm

   
   

   what are these files everyone seems upset about?

   I went to Kate Dickman's site and then went to Google and then went to some "PC analysis" site.
   It wanted me to download some .exe files, so, I did.
   Now what?
   They won't run on my PC when I click on them.
   I don't understand.

    

   [ reply to this | link to this | view in thread ]

7.  

   

   Kate Dickman, Aug 18th, 2008 @ 9:01pm

   
   

   @Dave Barnes Well what I'm getting and what you're getting must be different. When I click on the link - it starts psychotically scanning the computer with tons of pop ups and porn photos and prompts an .exe file to be executed....you're bold. I DEFINITELY didn't intstall it so whether it infects your computer or not - I'm not wlling to take the chance. It seems to be a spammy site with the opportunity to infect your computer with malware. The fact that a sketchy spammy site like that even RANKS for my name out of nowhere -- is spammy enough and a security risk in my opinion.

    

   [ reply to this | link to this | view in thread ]

8.  

   

   Kate Dickman, Aug 18th, 2008 @ 9:04pm

   
   

   @Dave Barnes Well what I'm getting and what you're getting must be different. When I click on the link - it starts psychotically scanning the computer with tons of pop ups and porn photos and prompts an .exe file to be executed....you're bold. I DEFINITELY didn't intstall it so whether it infects your computer or not - I'm not wlling to take the chance. It seems to be a spammy site with the opportunity to infect your computer with malware. The fact that a sketchy spammy site like that even RANKS for my name out of nowhere -- is spammy enough and a security risk in my opinion.

    

   [ reply to this | link to this | view in thread ]

9.  

   

   Peter Thomas, Aug 19th, 2008 @ 12:44am

   
   

   Re:

   I'm willing to bet that Dave is a smug Linux or Apple Mac user. Basically, he's saying "I'm better than you because you're a pleb using that common operating system which I dare not even name!"
   
   (For the record, I'm a user of Windows, Linux and Apple Mac, even at home. I'm platform-agnostic, I just use whatever is best for the job. I think anyone who gets involved in these OS pissing contests seriously needs to grow a pair.)

    

   [ reply to this | link to this | view in thread ]

10.  

    

    Andrew D. Todd, Aug 19th, 2008 @ 3:15am

    
    

    Dysfunctional Relationship

    Mozilla needs to recognize that it has a dysfunctional relationship with Adobe. If Mozilla will not recognize this, then forking is in order. Once the dysfunctional relationship is recognized, the remedies are fairly simple.
    
    I'll try not to be smug like Dave, but I've got a Windows Machine and a Linux machine on the same desk, with a KVM switch and so forth to tie them together, and I'm sort of gradually transitioning over to the Linux machine. On the Linux machine, (Gnome) Evince is a basically satisfactory Acrobat document reader. It doesn't do some of the advanced scripting features, but it seems to read essentially any real-world Acrobat document I try it on. Mozilla needs to come up with the funding to get Evince ported to Windows, and to bundle it into the various Windows Mozilla distributions. I understand that GNASH, the Free Software Foundation's replacement for Flash, is not as far along as Evince, and no doubt some additional work would be in order. People may still need to use Adobe products, but let this be reserved for the rare cases of files which will not run on Evince or GNASH, and let people choose to save the files and then run them, as a matter of calculated risk.

     

    [ reply to this | link to this | view in thread ]

11.  

    

    Twinrova, Aug 19th, 2008 @ 4:00am

    
    

    Come again?

    "...which is all the more reason to use AdBlock or FlashBlock or NoScript or something to protect you."
    
    No, the better solution is for websites to quit carrying useless ads which open the vulnerability in the first place.
    
    Hint.

     

    [ reply to this | link to this | view in thread ]

12.  

    

    Thom, Aug 19th, 2008 @ 5:04am

    
    

    No Flash

    When I finally got around to installing XP back in 2003 the first thing I did was tweak it and remove all the unnecessary cruft. One of the first pieces of cruft I removed was Flash and it hasn't been back in the five years since.
    
    Is there a rare YouTube video that I'd be inclined to view but can't? Sure. Is there an occassional website I'd like to visit but can't because it's Flash only? Sure. Those cases are rare though and rarer still are the instances where the desire has been more than a fleeting fancy and caused me to sit down at another pc.
    
    What's not so rare are the hundreds of thousands of dollars that Flash only websites have lost because I turned to their competitors. What's not so rare are the security vulnerabilities that I don't have to fret about. What's exhiliratingly exceedingly abundant are all the Flash ads that never load to slow my browsing experience or annoy and distract me.
    
    Flash is the tool of satan, umm marketing but they're one and the same, and no such tool will ever reside on my PC.

     

    [ reply to this | link to this | view in thread ]

13.  

    

    Chris Hinkle, Aug 19th, 2008 @ 6:41am

    
    

    nerds

    People who send their clipboard to people without checking it are a major part of the problem.
    
    This article blows this flaw way out of proportion. Adobe should fix it to make sure the user knows when they are adding something to their clipboard.

     

    [ reply to this | link to this | view in thread ]

14.  

    

    chris (profile), Aug 19th, 2008 @ 12:47pm

    
    

    old news

    you can do all that and more with the browser exploit framework (in firefox even):
    
    http://www.bindshell.net/tools/beef

     

    [ reply to this | link to this | view in thread ]

15.  

    

    OldAndBroke, Aug 19th, 2008 @ 5:26pm

    
    

    Re: No Flash

    "What's not so rare are the hundreds of thousands of dollars that Flash only websites have lost because I turned to their competitors."
    
    Please come to my non-flash web site! I could use "hundreds of thousands of dollars"!

     

    [ reply to this | link to this | view in thread ]

16.  

    

    Anonymous Coward, Aug 20th, 2008 @ 5:08am

    
    

    Re: Re: No Flash

    Who knows? An actual working link there and it may have even worked out for you (given people's gullibility)!

     

    [ reply to this | link to this | view in thread ]

17.  

    

    asdf, Aug 20th, 2008 @ 12:50pm

    
    

    Re: what are these files everyone seems upset about?

    Wow, you must be a complete moron to just download an .exe based on some random Comment. Enjoy your virus.

     

    [ reply to this | link to this | view in thread ]

18.  

    

    Igor, Feb 3rd, 2010 @ 8:03am

    
    

    Re:

    It is incredibly sneaky and seems to me more like an exercise than anything really practical. I mean, how many people will paste something they know they never copied, and then still allow that alien text to go out to the world? Additionally, it seems that any kidn of quality security software will head this one off, so I can't see it being a threat. Cute little piece of code though, I'll give them that.

     

    [ reply to this | link to this | view in thread ]

Add Your Comment