Attackers targeting media players

Discussion in 'Computer Security' started by Winged, Nov 23, 2005.

  1. Winged

    Winged Guest

    http://australianit.news.com.au/articles/0,7204,17338486^15331^^nbv^15306-15318,00.html

    There is a lot of truth in this article based on recent trends. Apple
    Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    all of have current or recent issues.

    Folks need to consider if they actually need these items to do business
    and ensure they have mitigated the threats posed by these plug-ins.

    These vectors are wonderful vectors for ingress into most networks via
    e-mail links and html pages. Most networks have groups of users who
    can't resist sharing a fine video, a religious, funny or patriotic
    sentiment who do not understand the threat. We have found policies on
    this activity difficult to enforce (though we are removing a couple
    threat vector users permanently as I speak), but users can't seem resist
    sharing some fine sentiment, irrespective of the consequences

    .....mutters.

    Thought some might find the article useful for their user education
    campaigns.

    Winged
     
    Winged, Nov 23, 2005
    #1
    1. Advertising

  2. Winged

    Imhotep Guest

    Winged wrote:

    >

    http://australianit.news.com.au/articles/0,7204,17338486^15331^^nbv^15306-15318,00.html
    >
    > There is a lot of truth in this article based on recent trends. Apple
    > Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    > all of have current or recent issues.
    >
    > Folks need to consider if they actually need these items to do business
    > and ensure they have mitigated the threats posed by these plug-ins.
    >
    > These vectors are wonderful vectors for ingress into most networks via
    > e-mail links and html pages. Most networks have groups of users who
    > can't resist sharing a fine video, a religious, funny or patriotic
    > sentiment who do not understand the threat. We have found policies on
    > this activity difficult to enforce (though we are removing a couple
    > threat vector users permanently as I speak), but users can't seem resist
    > sharing some fine sentiment, irrespective of the consequences
    >
    > ....mutters.
    >
    > Thought some might find the article useful for their user education
    > campaigns.
    >
    > Winged



    Excellent comments. I read a similar article about 3 or so months ago.
    Basically, it said hackers were shifting their focus to third party apps
    like media applications. In a work environment, if you do not need it,
    don't install it....

    Imhotep
     
    Imhotep, Nov 23, 2005
    #2
    1. Advertising

  3. Winged

    Jim Watt Guest

    On Tue, 22 Nov 2005 22:06:26 -0600, Winged <>
    wrote:

    >There is a lot of truth in this article based on recent trends. Apple
    >Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    >all of have current or recent issues.
    >
    >Folks need to consider if they actually need these items to do business
    >and ensure they have mitigated the threats posed by these plug-ins.


    <snip>

    Adobe acrobat is a 'must have' these days.

    For those clients who need real audio, I've been installing
    'the Real alternative' - however I think it actually uses
    media player to work, so that becomes an essential too.

    It does, however avoid the sprawling mass of Real player
    and its 'extra functionality'.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Nov 23, 2005
    #3
  4. Winged

    DavidPostill Guest

    In article <>, on Wed, 23 Nov 2005 10:26:30 +0100, Jim
    Watt wrote:

    | On Tue, 22 Nov 2005 22:06:26 -0600, Winged <>
    | wrote:
    |
    | >There is a lot of truth in this article based on recent trends. Apple
    | >Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    | >all of have current or recent issues.
    | >
    | >Folks need to consider if they actually need these items to do business
    | >and ensure they have mitigated the threats posed by these plug-ins.
    |
    | <snip>
    |
    | Adobe acrobat is a 'must have' these days.

    Try <http://www.foxitsoftware.com/pdf/rd_intro.php> ...
    --
    DavidPostill
     
    DavidPostill, Nov 23, 2005
    #4
  5. Winged

    Ron Lopshire Guest

    DavidPostill wrote:

    > In article <>, on Wed, 23 Nov 2005 10:26:30 +0100, Jim
    > Watt wrote:
    >
    > | On Tue, 22 Nov 2005 22:06:26 -0600, Winged <>
    > | wrote:
    > |
    > | >There is a lot of truth in this article based on recent trends. Apple
    > | >Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    > | >all of have current or recent issues.
    > | >
    > | >Folks need to consider if they actually need these items to do business
    > | >and ensure they have mitigated the threats posed by these plug-ins.
    > |
    > | <snip>
    > |
    > | Adobe acrobat is a 'must have' these days.
    >
    > Try <http://www.foxitsoftware.com/pdf/rd_intro.php> ...


    I bought a new WinXP box last March. I uninstalled Flash, among other
    crap, and haven't looked back. Eight months without any Adobe or
    Macromedia software and loving every minute of it. YMMV.

    Ron :)
     
    Ron Lopshire, Nov 23, 2005
    #5
  6. Winged

    Notan Guest

    Ron Lopshire wrote:
    >
    > DavidPostill wrote:
    >
    > > In article <>, on Wed, 23 Nov 2005 10:26:30 +0100, Jim
    > > Watt wrote:
    > >
    > > | On Tue, 22 Nov 2005 22:06:26 -0600, Winged <>
    > > | wrote:
    > > |
    > > | >There is a lot of truth in this article based on recent trends. Apple
    > > | >Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    > > | >all of have current or recent issues.
    > > | >
    > > | >Folks need to consider if they actually need these items to do business
    > > | >and ensure they have mitigated the threats posed by these plug-ins.
    > > |
    > > | <snip>
    > > |
    > > | Adobe acrobat is a 'must have' these days.
    > >
    > > Try <http://www.foxitsoftware.com/pdf/rd_intro.php> ...

    >
    > I bought a new WinXP box last March. I uninstalled Flash, among other
    > crap, and haven't looked back. Eight months without any Adobe or
    > Macromedia software and loving every minute of it. YMMV.


    Clearly, you're not a business user.

    Not a day goes by where I'm not reading/writing a PDF.

    Notan
     
    Notan, Nov 23, 2005
    #6
  7. Winged

    Ron Lopshire Guest

    Notan wrote:

    > Ron Lopshire wrote:
    >
    >>DavidPostill wrote:
    >>
    >>
    >>>In article <>, on Wed, 23 Nov 2005 10:26:30 +0100, Jim
    >>>Watt wrote:
    >>>
    >>>| On Tue, 22 Nov 2005 22:06:26 -0600, Winged <>
    >>>| wrote:
    >>>|
    >>>| >There is a lot of truth in this article based on recent trends. Apple
    >>>| >Quicktime, Macromedia shockwave, Windows media player, Adobe Acrobat,
    >>>| >all of have current or recent issues.
    >>>| >
    >>>| >Folks need to consider if they actually need these items to do business
    >>>| >and ensure they have mitigated the threats posed by these plug-ins.
    >>>|
    >>>| <snip>
    >>>|
    >>>| Adobe acrobat is a 'must have' these days.
    >>>
    >>>Try <http://www.foxitsoftware.com/pdf/rd_intro.php> ...

    >>
    >>I bought a new WinXP box last March. I uninstalled Flash, among other
    >>crap, and haven't looked back. Eight months without any Adobe or
    >>Macromedia software and loving every minute of it. YMMV.

    >
    >
    > Clearly, you're not a business user.
    >
    > Not a day goes by where I'm not reading/writing a PDF.
    >
    > Notan


    I didn't say that I don't read PDF, I just don't use Adobe.

    Ron :)
     
    Ron Lopshire, Nov 24, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Big Ron

    Targeting an explorer folder

    Big Ron, May 26, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    751
    dadiOH
    May 26, 2005
  2. Au79
    Replies:
    2
    Views:
    342
    elaich
    Jan 26, 2006
  3. Bri.

    HTML Frame targeting

    Bri., Aug 28, 2006, in forum: Computer Support
    Replies:
    4
    Views:
    448
  4. Au79
    Replies:
    0
    Views:
    387
  5. Bruce Fitzsimons

    Google AdWords NZ targeting is bust

    Bruce Fitzsimons, Nov 13, 2005, in forum: NZ Computing
    Replies:
    8
    Views:
    477
    Rob J
    Nov 14, 2005
Loading...

Share This Page