lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 8 Sep 2012 22:45:10 +0100
From: Benji <me@...ji.com>
To: "noloader@...il.com" <noloader@...il.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Adobe Flash Update Installs Other Warez
	without Consent

You've been using gmail for 15 years? That's so impressive, it's almost unbelievable

Sent from my iPhone

On 8 Sep 2012, at 22:25, Jeffrey Walton <noloader@...il.com> wrote:

> I> is that why you use gmail?
> I know. I'm preparing for a migration now. Its hard throw away 10 or
> 15 years of history.
> 
> On Sat, Sep 8, 2012 at 5:18 PM, Benji <me@...ji.com> wrote:
>>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>>> any more data through their back channels by using their browser.
>> 
>> is that why you use gmail?
>> 
>> On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton <noloader@...il.com> wrote:
>>> Hi Chrisitan,
>>> 
>>> [Corrected Title]
>>> 
>>> I'll feed you one last time. Here are the results from a second machine.
>>> 
>>> flash-update-1 shows the web page Flash Update opened to download the update.
>>> 
>>> flash-update-2 shows the only preferences or selections presented when
>>> running the EXE downloaded from the previous step.
>>> 
>>> flash-update-3 shows the flash update, and the additional Google crap.
>>> 
>>> WebKit is insecure junk
>>> (http://web.nvd.nist.gov/view/vuln/search-results?query=WebKit&search_type=all&cves=on),
>>> and I don't want it on my machines. Its bad enough I have to manage
>>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>>> any more data through their back channels by using their browser.
>>> 
>>> Jeff
>>> 
>>> On Sat, Sep 8, 2012 at 7:02 AM, Christian Sciberras <uuf6429@...il.com> wrote:
>>>> His initial email doesn't make him look like a newb? Really?
>>>> 
>>>> Quoting: "It appears Adobe has become a whore to Google like Mozilla."
>>>> 
>>>> Typical response from an attention-starved kid. Except he's no kid.
>>>> 
>>>> Hmmm.
>>>> 
>>>> Then there's the whole bullshit he's been talking about - which by the way,
>>>> several people categorically proved to be inaccurate, if not plain wrong.
>>>> 
>>>> On Sat, Sep 8, 2012 at 1:15 AM, Mark <boogiebruva@...oo.co.uk> wrote:
>>>>> 
>>>>> You're right. Jeffrey is no newb. Sorry if it came over the wrong way.
>>>>> 
>>>>> On 08/09/2012 0:31, Michael D. Wood wrote:
>>>>>> You guys are acting like Jeffrey is a newb to all this stuff.  I'm sure
>>>>>> he knows what mbam and spybot are, and is able to scan his machine. I'm
>>>>>> sure he knows to go straight to the source when downloading flash
>>>>>> player, albeit Adobe does include the annoying toolbar unless you choose
>>>>>> not to install.
>>>>>> 
>>>>>> --
>>>>>> Michael D. Wood
>>>>>> ITSecurityPros.org
>>>>>> www.itsecuritypros.org
>>>>>> 
>>>>>> ----- Reply message -----
>>>>>> From: "Mark" <boogiebruva@...oo.co.uk>
>>>>>> To: <noloader@...il.com>
>>>>>> Cc: "Full Disclosure b" <full-disclosure@...ts.grok.org.uk>, "BugTraq"
>>>>>> <bugtraq@...urityfocus.com>
>>>>>> Subject: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez
>>>>>> without Consent
>>>>>> Date: Fri, Sep 7, 2012 5:32 pm
>>>>>> 
>>>>>> 
>>>>>> You didn't download it from download.cnet.com, by any chance?
>>>>>> Sounds more like an infection to me.
>>>>>> For windows, download and run the following programs.
>>>>>> http://www.filehippo.com/download_malwarebytes_anti_malware/
>>>>>> http://www.filehippo.com/download_spybot_search_destroy/5168/
>>>>>> http://www.filehippo.com/download_superantispyware/
>>>>>> 
>>>>>> 
>>>>>> On 06/09/2012 19:09, Jeffrey Walton wrote:
>>>>>>> The company that writes the worlds most insecure software [1,2,3] has
>>>>>>> figured out a way to further increase an attack surface.
>>>>>>> 
>>>>>>> Adobe now includes additional warez in their updates without consent.
>>>>>>> The warez includes a browser and tools bar. The attached image is what
>>>>>>> I got when I agreed to update Adobe Flash because of recent security
>>>>>>> vulnerability fixes.
>>>>>>> 
>>>>>>> It appears Adobe has become a whore to Google like Mozilla.
>>>>>>> 
>>>>>>> +1 Adobe.
>>>>>>> 
>>>>>>> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
>>>>>>> [2]
>>>>>> 
>>>>>> http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on
>>>>>>> [3]
>>>>>> 
>>>>>> http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
>>>>>>> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ