The "latest exploit de jour" thread
-
we need this.
0-day attack on Firefox users stole password and key data: Patch now!
Exploit found in the wild prompts emergency update, advisory to change passwords.
-
I've converted completely to Edge anyway.
-
Nerves rattled by highly suspicious Windows Update delivered worldwide [Updated]
![Nerves rattled by highly suspicious Windows Update delivered worldwide [Updated]](https://cdn.arstechnica.net/wp-content/uploads/2015/09/suspicious-windows-update-640x215.png)
Strange payload raised concerns that Windows Update has been hacked.
-
"The bug in a built-in PDF reader" ... Oh, good. I disabled that shit years ago. Maybe you guys could work on making a working browser first, THEN worry about creating a bug-ridden .pdf viewer later on?
Thanks.
The exploit was served in an advertisement on an undisclosed Russian news site, but Veditz said he couldn't rule out the possibility that other sites also hosted the attack....
...
People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."suck it, "ad-blocking is evil and ads are safe" camp!
Filed under: One month later...
-
Go goflash..
New zero-day exploit hits fully patched Adobe Flash [Updated]
![New zero-day exploit hits fully patched Adobe Flash [Updated]](http://cdn.arstechnica.net/wp-content/themes/ars/assets/static/ars-logo-open-grey.png)
Attacks used to hijack end users' computers when they visit booby-trapped sites.
-
Would it be wrong of me to code a zero-day exploit that permanently disabled Adobe plug-ins in all browsers, added 0.0.0.0 entries in hosts.txt for all adobe sites, uninstalled Flash player, and finally created a read-only directory under c:\program files\Adobe that no user has permissions to modify?
-
@Lorne_Kates said:
"The bug in a built-in PDF reader" ...
Because if you write your own PDF reader it can't possibly have any bugs.
-
That report makes me very glad that I reacted to the sudden appearance of a slow, irritating inbuilt PDF reader with broken printing support after a Firefox update by quickly working out how to disable it on all school workstations, and that I've always run comprehensive ad blocking inside the school at both workstation and web proxy levels.
Given that this kind of purely toxic shit always turns up in advertising before anywhere else, I remain astonished that there are still people who seem to think that allowing advertising to get as far as the browser's rendering engine is in any way a good idea.
