I.T. Security and Linux Administration

Feb 28 2013   7:22PM GMT

Hacking the EU



Posted by: Eric Hansen
Tags:
security

http://www.v3.co.uk/v3-uk/news/2251393/miniduke-spying-malware-found-on-eu-government-networks

While stories like these tend to get old to me, this one is an exception, because it shows that a dog’s old tricks can still prove to be worth points.

Now, there’s two people at fault here, in my eyes:

1 – Adobe: The exploit’s been there since AcrobatPDF v9.  While not every bug will be found, I have a hard time believing it was safe for that many years (going on 5 years [2008-2013] now).

2 – The government agencies: I just have this increasingly sinking feeling that this is due to them still using v9, when v11 is out in the public as stable now.  Why?

The article also mentions the attack being found in America as well, but doesn’t do much to touch on it.  I guess which makes sense, since most of the attacks in the article are in the EU.  But, in the article, it states that the writers found a way to bypass sandboxing.  This isn’t new methodology, and in fact is quite old.  So, why haven’t these been fixed?  Heck, Adobe’s software has been under the gun quite a bit past few years due to countless number of attacks (think Java).  Every month there seems to be a new 0-day out for one of their products.  I feel moving to a different PDF reader, though, won’t fix the problem.  PDF is a pretty standardized format.  The issue should be addressed of the readers themselves detecting corrupted PDFs and not allowing them to load.

Is it that simple?  Knowing my luck, probably not.  But one can dream.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: