Re: FoxIT reader vulnerability

2013-01-24 Thread Angus Scott-Fleming
On 15 Jan 2013 at 15:29, Matthew W. Ross  wrote:

 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with
 javascript now?
 
 I just want a dumb .pdf reader. Is it just me?

Try SumatraPDF -- very lightweight.  Browser plugin available, but you can turn 
that off.  It's what I use by default.  I'll keep a portable copy of Foxit 
Reader around for those few PDFs which need scripting enabled.

Links:
http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
http://portableapps.com/apps/office/foxit_reader_portable

HTH

Angus

PS there's also a portable version of Java you can plug in to a portable 
browser for those rare occasions when you need a Java-enabled browser.

http://portableapps.com/apps/utilities/java_portable



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
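
Added example, not part of the original thread: a static check for the scripting and auto-run markers discussed here, for deciding which PDFs actually need a script-capable reader. It goes slightly beyond the thread by also handling `#XX`-escaped names and Flate-compressed streams; all function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF name tokens that indicate scripting or automatic actions.
ACTIVE_NAMES = ("JS", "JavaScript", "OpenAction", "AA", "Launch")

# A PDF name is "/" followed by any bytes that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #XX escapes in a PDF name, so J#61vaScript compares as JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def inflate_streams(data: bytes):
    """Yield the contents of stream bodies that are valid zlib (FlateDecode) data."""
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream".
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter, encrypted or damaged: not decoded here


def count_active_names(data: bytes) -> dict:
    """Count active-content names outside streams and inside inflated streams."""
    counts = {name: 0 for name in ACTIVE_NAMES}
    # Drop raw stream bodies first so compressed bytes cannot produce false hits.
    chunks = [STREAM_RE.sub(b"stream\nendstream", data)]
    chunks.extend(inflate_streams(data))
    for chunk in chunks:
        for m in NAME_RE.finditer(chunk):
            name = decode_name(m.group(1))
            if name in counts:
                counts[name] += 1
    return counts


def needs_scripting_reader(data: bytes) -> bool:
    """True when the file declares JavaScript anywhere this scan can see."""
    counts = count_active_names(data)
    return counts["JS"] > 0 or counts["JavaScript"] > 0


def constructed_sample() -> bytes:
    """Constructed PDF-like bytes: one escaped name, one action in a Flate stream."""
    hidden = zlib.compress(b"<< /S /JavaScript /JS (constructed placeholder) >>")
    return (
        b"%PDF-1.5\n"
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
        b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
        b"3 0 obj << /Filter /FlateDecode /Length "
        + str(len(hidden)).encode()
        + b" >>\nstream\n"
        + hidden
        + b"\nendstream endobj\n%%EOF\n"
    )


if __name__ == "__main__":
    print(count_active_names(constructed_sample()))
```

A zero count is not proof of a static file: encrypted documents and streams using other filters are not decoded by this sketch.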


RE: FoxIT reader vulnerability

2013-01-16 Thread Ziots, Edward
By default, yes, Adobe renders PDF with JavaScript, which allows both good and 
evil JavaScript to execute. As we all know the various flaws in Adobe, this 
definitely leads to an attack vector which has been exploited time and time 
again. 

But seriously I still see Java as the bigger threat, and as others have said it 
will continue to be this for years to come. 

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Tuesday, January 15, 2013 6:30 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with 
javascript now?

I just want a dumb .pdf reader. Is it just me?


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013
14:46:31 -0800
Subject: Re: FoxIT reader vulnerability


 On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary 
 richard.mccl...@aspca.org wrote:
  http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
  Just now checked the FoxIT web site.  The currently offered version 
  is 5.4.4.1128, which the article mentions as being vulnerable (as 
  are older versions).
 
  May end up having to use Adobe anyway…
 
   I strongly suspect FoxIt licenses at least their core code from 
 Adobe.  Many features and vulnerabilities seem to track on a 
 one-to-one basis.
 
   FoxIt is a lot more lightweight, though, so it prolly has a smaller 
 attack surface overall.  It may be they just don't include all the 
 bloat that Adobe does.
 
 -- Ben
 

RE: FoxIT reader vulnerability

2013-01-16 Thread Ziots, Edward
Took Fortran in College, honestly, hated it... but alas I am an engineer not a 
code writer :)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, January 15, 2013 9:49 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

I took UCSD Pascal, RPG III, COBOL, Fortran, 360 assembler, JCL and probably a 
couple of other languages as well in a failed attempt at an Associates about 
then.

I heard of the language about then as well, but didn't try to tackle it until I 
had an Amiga.

None of it really stuck - I just wasn't of a mindset to sit and program, and I 
would have been a whole lot better off if I had been.

Kurt

On Tue, Jan 15, 2013 at 5:06 PM, Michael B. Smith mich...@smithcons.com wrote:
 I learned Forth when I was 17, in 1980. It blew my mind. Before that, I knew 
 WATFOR, UCSD Pascal, 6502 assembler, and 8008 assembler.

 Forth's RPN and its low-level power made me feel as if I could do 
 anything! :)

 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, January 15, 2013 7:51 PM
 To: NT System Admin Issues
 Subject: Re: FoxIT reader vulnerability

 On Tue, Jan 15, 2013 at 4:45 PM, Ben Scott mailvor...@gmail.com wrote:
 On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross 
 mr...@ephrataschools.org wrote:
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering 
 with javascript now?

 I just want a dumb .pdf reader. Is it just me?

   The real irony here is that Adobe originally created PDF to be a 
 safe version of PostScript[1] -- basically disabling the 
 capabilities beyond what's needed to display static content on a page.

   Those who don't learn from history...

 -- Ben

 [1] PostScript can do all sorts of things, including file I/O.
 Someone implemented a web server in PostScript.

 PostScript: A Forth generation language...

 Kurt


RE: FoxIT reader vulnerability

2013-01-16 Thread Matthew W. Ross
I'm no security expert, but here's a counterpoint on why Adobe Reader would be 
(in my mind) a bigger threat:

* Everybody opens PDFs every day. 
* There is no "did you want to open this" prompt for a PDF. 
* There is (as far as I know) no certificated PDF, or if there is, I have never 
seen it used.

The opposite is true for Java. 

* Java is used every day, but not nearly to the extent of PDF.
* Java will ask if you intended to open the plugin.
* Java does allow for signed certificates for validation.

I am not arguing which one is worse, because I don't know. But the 
conversation is interesting to me.


--Matt Ross
Ephrata School District


- Original Message -
From: Ziots, Edward
[mailto:ezi...@lifespan.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 16 Jan 2013
02:39:02 -0800
Subject: RE: FoxIT reader vulnerability


 By default yes Adobe renders PDF with Javascript, which allows both good and
 evil javascript to execute, as we all know the various flaws in adobe, this
 definitely leads to an attack vector which has been exploited time and time
 again. 
 
 But seriously I still see Java as the bigger threat, and as others have said
 it will continue to be this for years to come. 
 
 Z
 
 Edward E. Ziots, CISSP, Security +, Network +
 Security Engineer
 Lifespan Organization
 ezi...@lifespan.org
 
 
 -Original Message-
 From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
 Sent: Tuesday, January 15, 2013 6:30 PM
 To: NT System Admin Issues
 Subject: Re: FoxIT reader vulnerability
 
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with
 javascript now?
 
 I just want a dumb .pdf reader. Is it just me?
 
 
 --Matt Ross
 Ephrata School District
 
 
 - Original Message -
 From: Ben Scott
 [mailto:mailvor...@gmail.com]
 To: NT System Admin Issues
 [mailto:ntsysadmin@lyris.sunbelt-software.com]
 Sent: Tue, 15 Jan 2013
 14:46:31 -0800
 Subject: Re: FoxIT reader vulnerability
 
 
  On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary 
  richard.mccl...@aspca.org wrote:
   http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
  
   Just now checked the FoxIT web site.  The currently offered version 
   is 5.4.4.1128, which the article mentions as being vulnerable (as 
   are older versions).
  
   May end up having to use Adobe anyway…
  
I strongly suspect FoxIt licenses at least their core code from 
  Adobe.  Many features and vulnerabilities seem to track on a 
  one-to-one basis.
  
FoxIt is a lot more lightweight, though, so it prolly has a smaller 
  attack surface overall.  It may be they just don't include all the 
  bloat that Adobe does.
  
  -- Ben
  



RE: FoxIT reader vulnerability

2013-01-16 Thread Kennedy, Jim

* Java will ask if you intended to open the plugin.

Which leads to users spamming yes without thinking.


* Java does allow for signed certificates for validation.

Let's reword this, Java allows for SELF signed certificates for validation.

I know someone in the security field that owns an LLC in Ohio called 'Trusted 
Publisher' and he has self signed certs for Java that say exactly that. Cost 
him 50 bucks to get it done.  Guess what his success rate is on phish emails 
that link to a java that pops 'Trusted Publisher' on the warning?


-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Wednesday, January 16, 2013 11:33 AM
To: NT System Admin Issues
Subject: RE: FoxIT reader vulnerability

I'm no security expert, but here's a counterpoint on why Adobe Reader would be 
(in my mind) a bigger threat:

* Everybody opens PDFs every day. 
* There is no "did you want to open this" prompt for a PDF. 
* There is (as far as I know) no certificated PDF, or if there is, I have never 
seen it used.

The opposite is true for Java. 

* Java is used every day, but not nearly to the extent of PDF.
* Java will ask if you intended to open the plugin.
* Java does allow for signed certificates for validation.

I am not arguing which one is worse, because I don't know. But the 
conversation is interesting to me.


--Matt Ross
Ephrata School District


- Original Message -
From: Ziots, Edward
[mailto:ezi...@lifespan.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Wed, 16 Jan 2013
02:39:02 -0800
Subject: RE: FoxIT reader vulnerability


 By default yes Adobe renders PDF with Javascript, which allows both 
 good and evil javascript to execute, as we all know the various flaws 
 in adobe, this definitely leads to an attack vector which has been 
 exploited time and time again.
 
 But seriously I still see Java as the bigger threat, and as others 
 have said it will continue to be this for years to come.
 
 Z
 
 Edward E. Ziots, CISSP, Security +, Network + Security Engineer 
 Lifespan Organization ezi...@lifespan.org
 
 
 -Original Message-
 From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
 Sent: Tuesday, January 15, 2013 6:30 PM
 To: NT System Admin Issues
 Subject: Re: FoxIT reader vulnerability
 
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with
 javascript now?
 
 I just want a dumb .pdf reader. Is it just me?
 
 
 --Matt Ross
 Ephrata School District
 
 
 - Original Message -
 From: Ben Scott
 [mailto:mailvor...@gmail.com]
 To: NT System Admin Issues
 [mailto:ntsysadmin@lyris.sunbelt-software.com]
 Sent: Tue, 15 Jan 2013
 14:46:31 -0800
 Subject: Re: FoxIT reader vulnerability
 
 
  On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary 
  richard.mccl...@aspca.org wrote:
   http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
  
   Just now checked the FoxIT web site.  The currently offered version 
   is 5.4.4.1128, which the article mentions as being vulnerable (as 
   are older versions).
  
   May end up having to use Adobe anyway…
  
I strongly suspect FoxIt licenses at least their core code from 
  Adobe.  Many features and vulnerabilities seem to track on a 
  one-to-one basis.
  
FoxIt is a lot more lightweight, though, so it prolly has a smaller 
  attack surface overall.  It may be they just don't include all the 
  bloat that Adobe does.
  
  -- Ben
  

Re: FoxIT reader vulnerability

2013-01-15 Thread Ben Scott
On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary
richard.mccl...@aspca.org wrote:
 http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/

 Just now checked the FoxIT web site.  The currently offered version is
 5.4.4.1128, which the article mentions as being vulnerable (as are older
 versions).

 May end up having to use Adobe anyway…

  I strongly suspect FoxIt licenses at least their core code from
Adobe.  Many features and vulnerabilities seem to track on a
one-to-one basis.

  FoxIt is a lot more lightweight, though, so it prolly has a smaller
attack surface overall.  It may be they just don't include all the
bloat that Adobe does.

-- Ben




Re: FoxIT reader vulnerability

2013-01-15 Thread Matthew W. Ross
Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with 
javascript now?

I just want a dumb .pdf reader. Is it just me?


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013
14:46:31 -0800
Subject: Re: FoxIT reader vulnerability


 On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary
 richard.mccl...@aspca.org wrote:
  http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
  Just now checked the FoxIT web site.  The currently offered version is
  5.4.4.1128, which the article mentions as being vulnerable (as are older
  versions).
 
  May end up having to use Adobe anyway…
 
   I strongly suspect FoxIt licenses at least their core code from
 Adobe.  Many features and vulnerabilities seem to track on a
 one-to-one basis.
 
   FoxIt is a lot more lightweight, though, so it prolly has a smaller
 attack surface overall.  It may be they just don't include all the
 bloat that Adobe does.
 
 -- Ben
 



RE: FoxIT reader vulnerability

2013-01-15 Thread David Lum
E-reader...although for all I know they do extra crap too.

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Tuesday, January 15, 2013 3:30 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with 
javascript now?

I just want a dumb .pdf reader. Is it just me?


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013
14:46:31 -0800
Subject: Re: FoxIT reader vulnerability


 On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary 
 richard.mccl...@aspca.org wrote:
  http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
  Just now checked the FoxIT web site.  The currently offered version 
  is 5.4.4.1128, which the article mentions as being vulnerable (as 
  are older versions).
 
  May end up having to use Adobe anyway…
 
   I strongly suspect FoxIt licenses at least their core code from 
 Adobe.  Many features and vulnerabilities seem to track on a 
 one-to-one basis.
 
   FoxIt is a lot more lightweight, though, so it prolly has a smaller 
 attack surface overall.  It may be they just don't include all the 
 bloat that Adobe does.
 
 -- Ben
 

RE: FoxIT reader vulnerability

2013-01-15 Thread Sam Cayze
They all seem to have JavaScript in them.  Adobe has at least since version 6.  
Always had to disable it.

I've been in love with NitroPDF for over a year, but sadly noticed even they 
had a JavaScript checkbox in their options.  And enabled by default.
I disable it across the boards with no ill effects.  

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org] 
Sent: Tuesday, January 15, 2013 5:30 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with 
javascript now?

I just want a dumb .pdf reader. Is it just me?


--Matt Ross
Ephrata School District


- Original Message -
From: Ben Scott
[mailto:mailvor...@gmail.com]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013
14:46:31 -0800
Subject: Re: FoxIT reader vulnerability


 On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary 
 richard.mccl...@aspca.org wrote:
  http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
  Just now checked the FoxIT web site.  The currently offered version 
  is 5.4.4.1128, which the article mentions as being vulnerable (as 
  are older versions).
 
  May end up having to use Adobe anyway…
 
   I strongly suspect FoxIt licenses at least their core code from 
 Adobe.  Many features and vulnerabilities seem to track on a 
 one-to-one basis.
 
   FoxIt is a lot more lightweight, though, so it prolly has a smaller 
 attack surface overall.  It may be they just don't include all the 
 bloat that Adobe does.
 
 -- Ben
 



Re: FoxIT reader vulnerability

2013-01-15 Thread Ben Scott
On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross
mr...@ephrataschools.org wrote:
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering
 with javascript now?

 I just want a dumb .pdf reader. Is it just me?

  The real irony here is that Adobe originally created PDF to be a
safe version of PostScript[1] -- basically disabling the
capabilities beyond what's needed to display static content on a page.

  Those who don't learn from history...

-- Ben

[1] PostScript can do all sorts of things, including file I/O.
Someone implemented a web server in PostScript.



Re: FoxIT reader vulnerability

2013-01-15 Thread Kurt Buff
On Tue, Jan 15, 2013 at 4:45 PM, Ben Scott mailvor...@gmail.com wrote:
 On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross
 mr...@ephrataschools.org wrote:
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering
 with javascript now?

 I just want a dumb .pdf reader. Is it just me?

   The real irony here is that Adobe originally created PDF to be a
 safe version of PostScript[1] -- basically disabling the
 capabilities beyond what's needed to display static content on a page.

   Those who don't learn from history...

 -- Ben

 [1] PostScript can do all sorts of things, including file I/O.
 Someone implemented a web server in PostScript.

PostScript: A Forth generation language...

Kurt



RE: FoxIT reader vulnerability

2013-01-15 Thread Michael B. Smith
I learned Forth when I was 17, in 1980. It blew my mind. Before that, I knew 
WATFOR, UCSD Pascal, 6502 assembler, and 8008 assembler.

Forth's RPN and its low-level power made me feel as if I could do anything! :)

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Tuesday, January 15, 2013 7:51 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

On Tue, Jan 15, 2013 at 4:45 PM, Ben Scott mailvor...@gmail.com wrote:
 On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross 
 mr...@ephrataschools.org wrote:
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering 
 with javascript now?

 I just want a dumb .pdf reader. Is it just me?

   The real irony here is that Adobe originally created PDF to be a 
 safe version of PostScript[1] -- basically disabling the 
 capabilities beyond what's needed to display static content on a page.

   Those who don't learn from history...

 -- Ben

 [1] PostScript can do all sorts of things, including file I/O.
 Someone implemented a web server in PostScript.

PostScript: A Forth generation language...

Kurt


Re: FoxIT reader vulnerability

2013-01-15 Thread Kurt Buff
I took UCSD Pascal, RPG III, COBOL, Fortran, 360 assembler, JCL and
probably a couple of other languages as well in a failed attempt at an
Associates about then.

I heard of the language about then as well, but didn't try to tackle
it until I had an Amiga.

None of it really stuck - I just wasn't of a mindset to sit and
program, and I would have been a whole lot better off if I had been.

Kurt

On Tue, Jan 15, 2013 at 5:06 PM, Michael B. Smith mich...@smithcons.com wrote:
 I learned Forth when I was 17, in 1980. It blew my mind. Before that, I knew 
 WATFOR, UCSD Pascal, 6502 assembler, and 8008 assembler.

 Forth's RPN and its low-level power made me feel as if I could do anything! :)

 -Original Message-
 From: Kurt Buff [mailto:kurt.b...@gmail.com]
 Sent: Tuesday, January 15, 2013 7:51 PM
 To: NT System Admin Issues
 Subject: Re: FoxIT reader vulnerability

 On Tue, Jan 15, 2013 at 4:45 PM, Ben Scott mailvor...@gmail.com wrote:
 On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross
 mr...@ephrataschools.org wrote:
 Doesn't Adobe (and possibly other PDF viewers) include PDF rendering
 with javascript now?

 I just want a dumb .pdf reader. Is it just me?

   The real irony here is that Adobe originally created PDF to be a
 safe version of PostScript[1] -- basically disabling the
 capabilities beyond what's needed to display static content on a page.

   Those who don't learn from history...

 -- Ben

 [1] PostScript can do all sorts of things, including file I/O.
 Someone implemented a web server in PostScript.

 PostScript: A Forth generation language...

 Kurt



Re: FoxIT reader vulnerability

2013-01-11 Thread Matthew W. Ross
I still have to recommend Evince. Small, Fast, Open source, and MSI installer 
for Windows.

http://projects.gnome.org/evince/



--Matt Ross
Ephrata School District


- Original Message -
From: Richard McClary
[mailto:richard.mccl...@aspca.org]
To: NT System Admin Issues
[mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 11 Jan 2013
07:50:40 -0800
Subject: FoxIT reader vulnerability


 Greetings!
 
 http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
 
 Just now checked the FoxIT web site.  The currently offered version is
 5.4.4.1128, which the article mentions as being vulnerable (as are older
 versions).
 
 May end up having to use Adobe anyway...
 --
 richard
 
 
 