lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20120907223119.424765022B4@mail.itsecuritypros.org>
Date: Fri, 07 Sep 2012 18:31:29 -0400
From: "Michael D. Wood" <mike@...ecuritypros.org>
To: "Mark" <boogiebruva@...oo.co.uk>,noloader@...il.com
Cc: Full Disclosure b <full-disclosure@...ts.grok.org.uk>,
	BugTraq <bugtraq@...urityfocus.com>
Subject: Re: 
 Adobe Flash UpdateInstalls Other Warez without Consent

You guys are acting like Jeffrey is a newb to all this stuff.  I'm sure he knows what mbam and spybot are, and is able to scan his machine. I'm sure he knows to go straight to the source when downloading flash player, albeit Adobe does include the annoying toolbar unless you choose not to install. 

--
Michael D. Wood
ITSecurityPros.org
www.itsecuritypros.org

----- Reply message -----
From: "Mark" <boogiebruva@...oo.co.uk>
To: <noloader@...il.com>
Cc: "Full Disclosure b" <full-disclosure@...ts.grok.org.uk>, "BugTraq" <bugtraq@...urityfocus.com>
Subject: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez without Consent
Date: Fri, Sep 7, 2012 5:32 pm


You didn't download it from download.cnet.com, by any chance?
Sounds more like an infection to me.
For windows, download and run the following programs.
http://www.filehippo.com/download_malwarebytes_anti_malware/
http://www.filehippo.com/download_spybot_search_destroy/5168/
http://www.filehippo.com/download_superantispyware/


On 06/09/2012 19:09, Jeffrey Walton wrote:
> The company that writes the worlds most insecure software [1,2,3] has
> figured out a way to further increase an attack surface.
> 
> Adobe now includes additional warez in their updates without consent.
> The warez includes a browser and tools bar. The attached image is what
> I got when I agreed to update Adobe Flash because of recent security
> vulnerability fixes.
> 
> It appears Adobe has become a whore to Google like Mozilla.
> 
> +1 Adobe.
> 
> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
> [2] http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on
> [3] http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ