Wouldn't it make sense for Adobe to follow MS Office's strategy and consider all documents "unsafe" and not run any code unless the document is deemed "trusted" by the user? All MS jokes aside, I thought this security feature is pretty useful.
MS

On Tue, Nov 16, 2010 at 2:15 PM, <[email protected]> wrote:

> Agreed. In addition to the usual best practices of different trust domains/segmentation, patching, disabling javascript and opening of non-pdf documents within acrobat, etc, I would recommend not overlooking the last three layers of defense-in-depth : good luck charms, prayer, and a good incident response plan.
>
> Bart
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Kevin Shaw <[email protected]>
> *Date: *Tue, 16 Nov 2010 13:03:06 -0500
> *To: *PaulDotCom Security Weekly Mailing List<[email protected]>
> *Cc: *[email protected]<[email protected]>
> *Subject: *Re: [Pauldotcom] Advice on doc format to see for review to securityfolks
>
> Is the document viewer on (most) Linux distributions any safer? I wouldn't recommend an OS change to customers, I'm just curious.
>
> My tactic with these problems is to emphasize user education and safer browsing as well as 'vetting' from where they're getting documents. I also encourage digital signatures and "workflow" style document control if the environment has that many documents especially PDFs.
>
> On Nov 16, 2010 12:32 PM, "Butturini, Russell" <[email protected]> wrote:
> > Yeah me too...I take no shame in being 0wned by the great Irongeek! :-)
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
> > Sent: Tuesday, November 16, 2010 9:44 AM
> > To: PaulDotCom Security Weekly Mailing List
> > Subject: Re: [Pauldotcom] Advice on doc format to see for review to securityfolks
> >
> > Use whatever format you like (except silverlight <grin>) I am fairly paranoid and open documents in different "trust zones" regardless of who sends it. I have gotten pwned in the past by people I trusted not because of them being untrustworthy but because they were pwned also. I just assume anything can be infected now. Also, you can still be a victim of goatse in ASCII. ;)
> >
> > Anytime you want someone to review something let me know. If I don't have other pending commitments, I'll look it over.
> >
> > Bart
> >
> > Sent from my Verizon Wireless BlackBerry
> >
> > -----Original Message-----
> > From: Adrian Crenshaw <[email protected]>
> > Sender: [email protected]
> > Date: Tue, 16 Nov 2010 09:09:14
> > To: PaulDotCom Security Weekly Mailing List<[email protected]>
> > Reply-To: PaulDotCom Security Weekly Mailing List <[email protected]>
> > Subject: [Pauldotcom] Advice on doc format to see for review to security folks
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
