[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH8yC8km-ELEMT4mbmf=qz8U_B6g+NOukNV2M_va2g6n=idFbw@mail.gmail.com>
Date: Sat, 8 Sep 2012 17:25:58 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Benji <me@...ji.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Adobe Flash Update Installs Other Warez
without Consent
I> is that why you use gmail?
I know. I'm preparing for a migration now. Its hard throw away 10 or
15 years of history.
On Sat, Sep 8, 2012 at 5:18 PM, Benji <me@...ji.com> wrote:
>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>> any more data through their back channels by using their browser.
>
> is that why you use gmail?
>
> On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton <noloader@...il.com> wrote:
>> Hi Chrisitan,
>>
>> [Corrected Title]
>>
>> I'll feed you one last time. Here are the results from a second machine.
>>
>> flash-update-1 shows the web page Flash Update opened to download the update.
>>
>> flash-update-2 shows the only preferences or selections presented when
>> running the EXE downloaded from the previous step.
>>
>> flash-update-3 shows the flash update, and the additional Google crap.
>>
>> WebKit is insecure junk
>> (http://web.nvd.nist.gov/view/vuln/search-results?query=WebKit&search_type=all&cves=on),
>> and I don't want it on my machines. Its bad enough I have to manage
>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>> any more data through their back channels by using their browser.
>>
>> Jeff
>>
>> On Sat, Sep 8, 2012 at 7:02 AM, Christian Sciberras <uuf6429@...il.com> wrote:
>>> His initial email doesn't make him look like a newb? Really?
>>>
>>> Quoting: "It appears Adobe has become a whore to Google like Mozilla."
>>>
>>> Typical response from an attention-starved kid. Except he's no kid.
>>>
>>> Hmmm.
>>>
>>> Then there's the whole bullshit he's been talking about - which by the way,
>>> several people categorically proved to be inaccurate, if not plain wrong.
>>>
>>> On Sat, Sep 8, 2012 at 1:15 AM, Mark <boogiebruva@...oo.co.uk> wrote:
>>>>
>>>> You're right. Jeffrey is no newb. Sorry if it came over the wrong way.
>>>>
>>>> On 08/09/2012 0:31, Michael D. Wood wrote:
>>>> > You guys are acting like Jeffrey is a newb to all this stuff. I'm sure
>>>> > he knows what mbam and spybot are, and is able to scan his machine. I'm
>>>> > sure he knows to go straight to the source when downloading flash
>>>> > player, albeit Adobe does include the annoying toolbar unless you choose
>>>> > not to install.
>>>> >
>>>> > --
>>>> > Michael D. Wood
>>>> > ITSecurityPros.org
>>>> > www.itsecuritypros.org
>>>> >
>>>> > ----- Reply message -----
>>>> > From: "Mark" <boogiebruva@...oo.co.uk>
>>>> > To: <noloader@...il.com>
>>>> > Cc: "Full Disclosure b" <full-disclosure@...ts.grok.org.uk>, "BugTraq"
>>>> > <bugtraq@...urityfocus.com>
>>>> > Subject: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez
>>>> > without Consent
>>>> > Date: Fri, Sep 7, 2012 5:32 pm
>>>> >
>>>> >
>>>> > You didn't download it from download.cnet.com, by any chance?
>>>> > Sounds more like an infection to me.
>>>> > For windows, download and run the following programs.
>>>> > http://www.filehippo.com/download_malwarebytes_anti_malware/
>>>> > http://www.filehippo.com/download_spybot_search_destroy/5168/
>>>> > http://www.filehippo.com/download_superantispyware/
>>>> >
>>>> >
>>>> > On 06/09/2012 19:09, Jeffrey Walton wrote:
>>>> >> The company that writes the worlds most insecure software [1,2,3] has
>>>> >> figured out a way to further increase an attack surface.
>>>> >>
>>>> >> Adobe now includes additional warez in their updates without consent.
>>>> >> The warez includes a browser and tools bar. The attached image is what
>>>> >> I got when I agreed to update Adobe Flash because of recent security
>>>> >> vulnerability fixes.
>>>> >>
>>>> >> It appears Adobe has become a whore to Google like Mozilla.
>>>> >>
>>>> >> +1 Adobe.
>>>> >>
>>>> >> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
>>>> >> [2]
>>>> >
>>>> > http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on
>>>> >> [3]
>>>> >
>>>> > http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
>>>> >> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists