Why even BOTHER reporting bugs to vendors?
Here it is – the argument for why the VulnDisco path is better than the CERT path; that is, why it’s better to sell people tools that can be used to verify the fix (the vendor’s or a DIY one) than to tell only the vendor and then rely on the vendor’s quality, honesty and other things vendors typically don’t seem to have.
I say that folks like Adobe should have even MORE interest in things like Immunity Early Access PLUS. I mean really, why should I have to play middle-man between the researcher who wrote the plug-in and the vendor with the bug? Because Adobe and others think they’re above paying a third party for insight into their own product’s quality.
This vulnerability originates from CVE-2006-3459, which was reported by Tavis Ormandy, Google Security Team. Adobe just fixed the AcroForm.api file, but ImageConversion.api still has the vulnerability too.
via Security-Sucks » CVE-2010-0188, APSB10-07 PDF Exploit demonstration.
Posted: February 24th, 2010
at 9:16pm by tan
Tagged with AcroForm.api, Adobe, Canvas, CERT, CVE-2006-3459, Google Security Team, ImageConversion.api, Tavis Ormandy, vulndisco
Categories: Breaking News
Comments: No comments
HNNCast110609
HNNCast for the First Week of November, 2009
Also on YouTube (for 3GP mobile or 720p true HD users):
PART 1: Lead Stories and News
PART 2: Quickies
Lead Stories:
- YouLostIt CEO DDoS, Matt56444 Suicide, TCNiSO.net Indictment, IETF SSL Revamp, Disk Space Invaders
News:
- NK Officially to Blame by SK, Swedish Sites Swim with Fishes, the Evil Maid from Mossad
- Courtnee: Lockpicking
- iPhone Jailbreak Advisory, Copyright Wrongs, Money Mules Move Megabucks
Quickies:
- Str0ke’s Not Dead, DHS CERT, Round 1 Schmoo Tix Sold-Out, da p00p on w00p, This Week’s Worm Farm, KiwiCon Speakers Announced, B-Sides on Both Sides, QuahogCon CFP, NYC CSAW Awards, OSVDB Plea, SecurityTubeCon this Weekend, HitB CTF Binaries Posted, Spanish Systems Need a Scrub-Down
Stack of Shame:
- 110
Book Recommendation:
Lockpicking Related:
Posted: November 7th, 2009
at 2:53am by tan
Tagged with "North Korea", "South Korea", Amelia Andersdotter, ApacheBench, CERT, computer intrusion wirefraud, Conficker, conspiracy, CSAW, CTF, DDoS, DerEngel, DHS, Evil Maid, FBI, FDIC, Gumblar, HITB, IETF, indictment, iPhone, jailbreak, Khalid Shaikh, kiwicon, m00p, mail fraud, malware, matt56444, milw0rm, Money Mule, Mossad, Motorola Surfboard, National Cybersecurity and Communications Integration Center, NCCIC, NYU, Opachki, OSVDB, PandaLabs, Pirate Bay, Pirate Party, Plötzensee, QuahogCon, Ryan Harris, Schmoocon, Schueler VZ, Security B-Sides, SecurityTube, SecurityTubeCon, Space Invaders, SSL, str0ke, Taterf, TCN-ISO.NET, TLS, Trojan, worm, YouSendIt, YouTube, Zach Gage, Zeus
Comments: 2 comments
Easy Access and Inflate-A-Wedge Kit - 2-Pc
Mr. Smith's 11-Piece Professional Locksmith Lockpicking Kit
Slim Jim Universal Lock Out Tool Set