| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEJizbZ0V8k1YQqDZVg8jAkxQLjVH_GgorvbV8JUWx1JfBHxZg@mail.gmail.com> Date: Tue, 18 Sep 2012 15:54:26 +0100 From: Benji <me@...ji.com> To: noloader@...il.com Cc: Disclosure <full-disclosure@...ts.grok.org.uk>, BugTraq <bugtraq@...urityfocus.com> Subject: Re: Adobe Flash UpdateInstalls Other Warez without Consent >>If you can't program them or secure them, you might as well paint on them. Quote taken from the "How to treat your girlfriend for dummies" On Mon, Sep 17, 2012 at 6:59 PM, Jeffrey Walton <noloader@...il.com> wrote: > Hi Christian, > > > So, I was updating flash on a computer lately, when I noticed the > > prompt below*, reminding me of this conversation. > Its a different URL. The URL I used was provided by the Adobe Flash Update > Service. > > Considering how bad they've done in userland, its a scary thought they are > installing software at an elevated privilege level (and IT allows it). > > > or maybe it just took me a few weeks to photoshop this.... > If you can't program them or secure them, you might as well paint on them. > > Jeff > > On Mon, Sep 17, 2012 at 1:39 PM, Christian Sciberras <uuf6429@...il.com>wrote: > >> So, I was updating flash on a computer lately, when I noticed the prompt >> below*, reminding me of this conversation. >> >> *or maybe it just took me a few weeks to photoshop this....you decide. >> >> To the more reasonable readers, I guess Adobe could have had a genuine >> mistake / bug in their code....nothing new. >> Don't know why it's such a big deal. >> >> >> >> [image: Inline image 1] >> On Sun, Sep 9, 2012 at 11:21 PM, Marcio B. Jr. <marcio.barbado@...il.com>wrote: >> >>> You may be interested in getting acquainted with the fact that life is >>> possible (it's actually stupendously better) without crapware. >>> >>> On Thu, Sep 6, 2012 at 2:09 PM, Jeffrey Walton <noloader@...il.com> >>> wrote: >>> > The company that writes the worlds most insecure software [1,2,3] has >>> > figured out a way to further increase an attack surface. >>> > >>> > Adobe now includes additional warez in their updates without consent. >>> > The warez includes a browser and tools bar. The attached image is what >>> > I got when I agreed to update Adobe Flash because of recent security >>> > vulnerability fixes. >>> > >>> > It appears Adobe has become a whore to Google like Mozilla. >>> > >>> > +1 Adobe. >>> > >>> > [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com. >>> > [2] >>> http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on >>> > [3] >>> http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ >>> > [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ >>> > >>> > [SNIP] >>> >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > Content of type "text/html" skipped Download attachment "Untitled.png" of type "image/png" (211549 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists