funsec mailing list archives
Re: Adobe 0-day in the wild
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Sat, 21 Feb 2009 22:02:51 -0500
Fwiw, there are snort rules avail http://snort.org/vrt/advisories/vrt-rules-2009-02-20.html -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rich Kulawiec Sent: Saturday, February 21, 2009 5:50 PM To: funsec () linuxbox org Subject: Re: [funsec] Adobe 0-day in the wild On Sat, Feb 21, 2009 at 11:47:20AM -0800, nick hatch wrote:
Our current mitigation strategy is begging our users to be safe. Ugh.
Why not encourage them to switch to open-source software? (As I've said elsewhere, "closed source" == "faith-based security".) It's not a panacea of course, but (a) open-source projects tend to respond much faster and (b) if they don't respond sufficiently quickly, user communities can and will develop their own fixes. Of course, I don't know whether any of the numerous open-source PDF handlers out there will meet your particular needs; but if they don't, then maybe the best approach is to discuss the situation with them and figure out how to make it happen -- in which case everyone wins. (I've found it, on occasion, *extremely* cost-effective to fund a little development on a particular feature or two. Amounts which wouldn't even buy a year of support for a single-user license turn out to buy a lot more when directed at low-budget projects.) ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Adobe 0-day in the wild Juha-Matti Laurio (Feb 20)
- Re: Adobe 0-day in the wild Paul Ferguson (Feb 20)
- Re: Adobe 0-day in the wild John LaCour (Feb 21)
- Re: Adobe 0-day in the wild nick hatch (Feb 21)
- Re: Adobe 0-day in the wild Rich Kulawiec (Feb 21)
- Re: Adobe 0-day in the wild Alex Eckelberry (Feb 21)
- Re: Adobe 0-day in the wild Axel Pettinger (Mar 04)
- Re: Adobe 0-day in the wild nick hatch (Feb 21)
- Re: Adobe 0-day in the wild Jon Kibler (Feb 22)
- Re: Adobe 0-day in the wild rackow (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
- Re: Adobe 0-day in the wild Charles Miller (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
- Re: Adobe 0-day in the wild rackow (Feb 23)
- <Possible follow-ups>
- Re: Adobe 0-day in the wild Juha-Matti Laurio (Feb 21)
- Re: Adobe 0-day in the wild rackow (Feb 21)