lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 8 Sep 2012 22:18:06 +0100
From: Benji <me@...ji.com>
To: noloader@...il.com
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Adobe Flash Update Installs Other Warez
	without Consent

> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
> any more data through their back channels by using their browser.

is that why you use gmail?

On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton <noloader@...il.com> wrote:
> Hi Chrisitan,
>
> [Corrected Title]
>
> I'll feed you one last time. Here are the results from a second machine.
>
> flash-update-1 shows the web page Flash Update opened to download the update.
>
> flash-update-2 shows the only preferences or selections presented when
> running the EXE downloaded from the previous step.
>
> flash-update-3 shows the flash update, and the additional Google crap.
>
> WebKit is insecure junk
> (http://web.nvd.nist.gov/view/vuln/search-results?query=WebKit&search_type=all&cves=on),
> and I don't want it on my machines. Its bad enough I have to manage
> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
> any more data through their back channels by using their browser.
>
> Jeff
>
> On Sat, Sep 8, 2012 at 7:02 AM, Christian Sciberras <uuf6429@...il.com> wrote:
>> His initial email doesn't make him look like a newb? Really?
>>
>> Quoting: "It appears Adobe has become a whore to Google like Mozilla."
>>
>> Typical response from an attention-starved kid. Except he's no kid.
>>
>> Hmmm.
>>
>> Then there's the whole bullshit he's been talking about - which by the way,
>> several people categorically proved to be inaccurate, if not plain wrong.
>>
>> On Sat, Sep 8, 2012 at 1:15 AM, Mark <boogiebruva@...oo.co.uk> wrote:
>>>
>>> You're right. Jeffrey is no newb. Sorry if it came over the wrong way.
>>>
>>> On 08/09/2012 0:31, Michael D. Wood wrote:
>>> > You guys are acting like Jeffrey is a newb to all this stuff.  I'm sure
>>> > he knows what mbam and spybot are, and is able to scan his machine. I'm
>>> > sure he knows to go straight to the source when downloading flash
>>> > player, albeit Adobe does include the annoying toolbar unless you choose
>>> > not to install.
>>> >
>>> > --
>>> > Michael D. Wood
>>> > ITSecurityPros.org
>>> > www.itsecuritypros.org
>>> >
>>> > ----- Reply message -----
>>> > From: "Mark" <boogiebruva@...oo.co.uk>
>>> > To: <noloader@...il.com>
>>> > Cc: "Full Disclosure b" <full-disclosure@...ts.grok.org.uk>, "BugTraq"
>>> > <bugtraq@...urityfocus.com>
>>> > Subject: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez
>>> > without Consent
>>> > Date: Fri, Sep 7, 2012 5:32 pm
>>> >
>>> >
>>> > You didn't download it from download.cnet.com, by any chance?
>>> > Sounds more like an infection to me.
>>> > For windows, download and run the following programs.
>>> > http://www.filehippo.com/download_malwarebytes_anti_malware/
>>> > http://www.filehippo.com/download_spybot_search_destroy/5168/
>>> > http://www.filehippo.com/download_superantispyware/
>>> >
>>> >
>>> > On 06/09/2012 19:09, Jeffrey Walton wrote:
>>> >> The company that writes the worlds most insecure software [1,2,3] has
>>> >> figured out a way to further increase an attack surface.
>>> >>
>>> >> Adobe now includes additional warez in their updates without consent.
>>> >> The warez includes a browser and tools bar. The attached image is what
>>> >> I got when I agreed to update Adobe Flash because of recent security
>>> >> vulnerability fixes.
>>> >>
>>> >> It appears Adobe has become a whore to Google like Mozilla.
>>> >>
>>> >> +1 Adobe.
>>> >>
>>> >> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
>>> >> [2]
>>> >
>>> > http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on
>>> >> [3]
>>> >
>>> > http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
>>> >> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ