Note that while the exploit is in the PDF, the vulnerability is in the PDF reader. In practice, Adobe's software is the only attack surface anyone ever exploits, so you can read exploit-laden PDFs worry-free by using a less popular alternative. The same is true with Word/Excel files, etc.
You should still have some kind of comprehensive security solution in place, particularly for a business environment, but use of non-standard software is an effective fail-safe for when your "real" security craps out on you (as it inevitably will).
I've no idea why everyone only exploits Adobe's software though. For instance, pretty much all the open source PDF readers are based on a single PDF library called Poppler with a history of security vulnerabilities - exploit that and you should be able to exploit all of them in one fell swoop.
Would opening a pdf via Chrome for example provide any extra protection? From what I understand most of the exploits are because of embedded media, no?
Extra protection as opposed to opening it in Adobe Reader? Yes, most likely. Chrome has a sandbox for PDFs as far as I'm aware; they also provide a lot of big bug bounties to people who find any remote execution bugs in Chrome. So, in conclusion, yes, Chrome provides relatively more security than other software when opening PDFs.
IIRC, both Adobe Reader "Protected Mode"[1] and Chromium "sandbox"[2] are built on the Windows user-mode sandbox framework[3]. Basically, things like the principle of least privilege, disabling writes, etc.
Security is all about execution: Chrome has an enviable track record; Adobe has an embarrassing one. They could change that, but it's unclear that they're motivated to build up serious security competency (if they were, the manager in charge of their update process would be fired for cause).
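A defender-side triage check for the PDF discussion above, added here as an example; it is not code from any commenter, nor from Adobe, Chromium or Poppler. It counts the PDF name tokens that mark active content or attachments (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile, /RichMedia, forms) so that a file carrying them can be routed to a sandboxed viewer instead of a full-privilege reader. The sample PDF bytes, the RISKY_NAMES table and the high/medium/low thresholds are constructed for illustration.

```python
import re
from typing import Dict

# Constructed sample input (not a real malicious file): a minimal PDF whose
# catalog /OpenAction points at a /JavaScript action and that also carries an
# embedded file. It exists only to exercise the triage functions below.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (app.alert) >> endobj
5 0 obj << /Type /Filespec /F (attached.txt) /EF << /F 6 0 R >> >> endobj
6 0 obj << /Type /EmbeddedFile /Length 5 >> stream
hello
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF name tokens that denote active content or attachments, with the reason
# each matters when deciding whether a file should only be opened sandboxed.
RISKY_NAMES = {
    "/JavaScript": "JavaScript action",
    "/JS": "JavaScript code (string or stream)",
    "/OpenAction": "action run automatically when the document opens",
    "/AA": "additional actions bound to page or field events",
    "/Launch": "action that launches an external application",
    "/EmbeddedFile": "file attachment",
    "/RichMedia": "Flash or other rich media annotation",
    "/AcroForm": "interactive form",
    "/XFA": "XFA (XML) form",
}

# Names that trigger something versus names that are the payload triggered.
TRIGGER_NAMES = {"/OpenAction", "/AA"}
ACTIVE_NAMES = {"/JavaScript", "/JS", "/Launch", "/RichMedia"}


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF name tokens so that an obfuscated
    spelling such as /J#61vaScript is matched the same as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> Dict[str, int]:
    """Count each risky name token in the raw file bytes.

    A PDF name token ends at whitespace or a delimiter, so the lookahead
    keeps /JS from matching inside a longer name that merely starts with it.
    """
    text = normalize_names(data)
    findings: Dict[str, int] = {}
    for name in RISKY_NAMES:
        pattern = re.escape(name.encode()) + rb"(?=[\s<>\[\]()/%{}]|$)"
        count = len(re.findall(pattern, text))
        if count:
            findings[name] = count
    return findings


def risk_level(findings: Dict[str, int]) -> str:
    """Rough triage tier: active content wired to an automatic trigger is the
    pattern most worth confining to a sandboxed viewer."""
    keys = set(findings)
    if keys & ACTIVE_NAMES and keys & TRIGGER_NAMES:
        return "high"
    if keys:
        return "medium"
    return "low"


def scan_report(data: bytes) -> dict:
    """Findings plus a completeness flag: objects packed into compressed
    object streams (/ObjStm) are invisible to a raw byte scan, so a clean
    result on such a file is not evidence of absence."""
    findings = scan_pdf(data)
    return {
        "findings": findings,
        "level": risk_level(findings),
        "complete": b"/ObjStm" not in normalize_names(data),
    }


if __name__ == "__main__":
    report = scan_report(SAMPLE_PDF)
    for name, count in report["findings"].items():
        print(f"{name:14} x{count}  {RISKY_NAMES[name]}")
    print("risk level:", report["level"], "| scan complete:", report["complete"])
```

The check is deliberately a byte-level scan, which is what makes it fast enough to run at a mail gateway or download hook, but that is also its limit: it sees nothing inside compressed object streams or encrypted documents, so the `complete` flag should be treated as "inconclusive" when false and the file handed to a real parser. Either way the result only decides which viewer gets the file; a sandboxed reader reduces the impact of a successful exploit, it does not stop the exploit from running.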
>At the moment, we haven’t seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.
I really want to know what that 0day is. I can't comprehend how hard it would be to find a 0day remote execution on a Windows system.
The exploit might not be part of the package. It could be that the exploit installs Flame and then uninstalls or removes traces of itself. 0days are very valuable, so it makes sense to remove it once it has served its purpose.
Some exploits, like those delivered via browsers, attempt to execute code in privileged contexts without any file I/O. There might never have been anything to remove.
Highly unlikely that that will happen, simply because even the smaller virus writers take precautions when buying servers; they usually do it using stolen credit cards that are not hard to acquire. In addition, it also depends whether the hosting companies are willing to assist people with the investigation.
I'm fed up with these technically lacking stories that don't give you the details but tell you that it's "complex". While I realise that the BBC website is aimed towards the general public, I think that it would be beneficial to include at least some technical details.
Haha! Yeah, I just finished reading the kinda-more-informative analysis (http://www.securelist.com/en/blog/208193522/The_Flame_Questi...). Seems very interesting. I wish that they would share the samples so other hobbyists could also see what it is like.
D*ng, LiquidSummer. I've been using this service for almost a year with no problem, and you broke it. :)
It appears that, because it recursively calls it, the call eventually times out. (Google App Engine has this time limit of 10~30 seconds.) I'm not sure if I'll have a solution for this, but I can at least catch the exception. I'll need to look into it further.
OK, I figured it out. :) The problem was, we only support HTML pages at this point. The targetUrl you specified did not return a valid HTML page (it's JSON), and the application just returned a 404 HTTP status code (since it couldn't find any HTML content), which was by design. (Note that this API is supposed to be used by a program, not from a Web browser.) Anyways, it had been a while since I actually looked at the code, and it was "fun" to look at the code again. :) I have yet to find a "bug". grin
I'm not too sure if it will. The majority of the people who pirate do so simply because they may not use it so often or they do not have sufficient funds to buy it. However, when, for example, college students do get a copy of the crack and then they get used to using Photoshop, and then when some of them grow up to work for a big firm, the big firm has no problem spending a few thousand on design software.
What I'm trying to say is that, even if they get 10x the sales with a copy of Photoshop priced at $100, they will not make as much money as opposed to selling 1/10 of the copies at $1200.