[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Adobe Flash Update Installs Other Warez without Consent
- To: "noloader@xxxxxxxxx" <noloader@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Adobe Flash Update Installs Other Warez without Consent
- From: Benji <me@xxxxxxxxx>
- Date: Sat, 8 Sep 2012 22:45:10 +0100
You've been using gmail for 15 years? That's so impressive, it's almost
unbelievable
Sent from my iPhone
On 8 Sep 2012, at 22:25, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
> I> is that why you use gmail?
> I know. I'm preparing for a migration now. Its hard throw away 10 or
> 15 years of history.
>
> On Sat, Sep 8, 2012 at 5:18 PM, Benji <me@xxxxxxxxx> wrote:
>>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>>> any more data through their back channels by using their browser.
>>
>> is that why you use gmail?
>>
>> On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>>> Hi Chrisitan,
>>>
>>> [Corrected Title]
>>>
>>> I'll feed you one last time. Here are the results from a second machine.
>>>
>>> flash-update-1 shows the web page Flash Update opened to download the
>>> update.
>>>
>>> flash-update-2 shows the only preferences or selections presented when
>>> running the EXE downloaded from the previous step.
>>>
>>> flash-update-3 shows the flash update, and the additional Google crap.
>>>
>>> WebKit is insecure junk
>>> (http://web.nvd.nist.gov/view/vuln/search-results?query=WebKit&search_type=all&cves=on),
>>> and I don't want it on my machines. Its bad enough I have to manage
>>> Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
>>> any more data through their back channels by using their browser.
>>>
>>> Jeff
>>>
>>> On Sat, Sep 8, 2012 at 7:02 AM, Christian Sciberras <uuf6429@xxxxxxxxx>
>>> wrote:
>>>> His initial email doesn't make him look like a newb? Really?
>>>>
>>>> Quoting: "It appears Adobe has become a whore to Google like Mozilla."
>>>>
>>>> Typical response from an attention-starved kid. Except he's no kid.
>>>>
>>>> Hmmm.
>>>>
>>>> Then there's the whole bullshit he's been talking about - which by the way,
>>>> several people categorically proved to be inaccurate, if not plain wrong.
>>>>
>>>> On Sat, Sep 8, 2012 at 1:15 AM, Mark <boogiebruva@xxxxxxxxxxx> wrote:
>>>>>
>>>>> You're right. Jeffrey is no newb. Sorry if it came over the wrong way.
>>>>>
>>>>> On 08/09/2012 0:31, Michael D. Wood wrote:
>>>>>> You guys are acting like Jeffrey is a newb to all this stuff. I'm sure
>>>>>> he knows what mbam and spybot are, and is able to scan his machine. I'm
>>>>>> sure he knows to go straight to the source when downloading flash
>>>>>> player, albeit Adobe does include the annoying toolbar unless you choose
>>>>>> not to install.
>>>>>>
>>>>>> --
>>>>>> Michael D. Wood
>>>>>> ITSecurityPros.org
>>>>>> www.itsecuritypros.org
>>>>>>
>>>>>> ----- Reply message -----
>>>>>> From: "Mark" <boogiebruva@xxxxxxxxxxx>
>>>>>> To: <noloader@xxxxxxxxx>
>>>>>> Cc: "Full Disclosure b" <full-disclosure@xxxxxxxxxxxxxxxxx>, "BugTraq"
>>>>>> <bugtraq@xxxxxxxxxxxxxxxxx>
>>>>>> Subject: [Full-disclosure] Adobe Flash UpdateInstalls Other Warez
>>>>>> without Consent
>>>>>> Date: Fri, Sep 7, 2012 5:32 pm
>>>>>>
>>>>>>
>>>>>> You didn't download it from download.cnet.com, by any chance?
>>>>>> Sounds more like an infection to me.
>>>>>> For windows, download and run the following programs.
>>>>>> http://www.filehippo.com/download_malwarebytes_anti_malware/
>>>>>> http://www.filehippo.com/download_spybot_search_destroy/5168/
>>>>>> http://www.filehippo.com/download_superantispyware/
>>>>>>
>>>>>>
>>>>>> On 06/09/2012 19:09, Jeffrey Walton wrote:
>>>>>>> The company that writes the worlds most insecure software [1,2,3] has
>>>>>>> figured out a way to further increase an attack surface.
>>>>>>>
>>>>>>> Adobe now includes additional warez in their updates without consent.
>>>>>>> The warez includes a browser and tools bar. The attached image is what
>>>>>>> I got when I agreed to update Adobe Flash because of recent security
>>>>>>> vulnerability fixes.
>>>>>>>
>>>>>>> It appears Adobe has become a whore to Google like Mozilla.
>>>>>>>
>>>>>>> +1 Adobe.
>>>>>>>
>>>>>>> [1] http://www.google.com/#q=Adobe+site%3Asecurityfocus.com.
>>>>>>> [2]
>>>>>>
>>>>>> http://web.nvd.nist.gov/view/vuln/search-results?query=adobe&search_type=all&cves=on
>>>>>>> [3]
>>>>>>
>>>>>> http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/
>>>>>>> [4] http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/