Parks, Raymond wrote:
We (SNL) did that briefly last summer because of the vulnerabilities
with Acrobat and Reader versions < 8.2. Once we got everyone converted
to 9.0, we allowed those attachments. I know it was a real problem
because we spearphished a customer with the Adobe vulnerability as part
of a red-team engagement.
It's also 9.0 vulnerability and Adobe doesn't expect to have a fix until
March 11 and earlier versions after that. Further they say that they
don't know if non-Adobe PDF readers are immune or not. This says to me
that they don't really know any details and are just relying on the
"cyber community" and the vendors to sort things out.
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
lectures, archives, unsubscribe, maps at http://www.friam.org
