Forgot to state: I love Chinese. They negotiated with M$ to get the entire source code for the products and then found the ways to secure and insecure.
From: Soi, Dhruv [mailto:[email protected]] Sent: 07 January 2010 01:18 To: 'SUMAN SOURAV'; '[email protected]' Subject: RE: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites Appreciate your comments. Here is another detailed analysis if you would like to go for Adobe: http://extraexploit.blogspot.com/2009/12/adobe-cve-2009-4324-in-wild-0day-pa rt_1766.html I think their patch is still awaited so leverage it, if this is indeed the case. Embedded objects shall remain a problem forever for MS/Adobe/Followers. From: [email protected] [mailto:[email protected]] On Behalf Of SUMAN SOURAV Sent: 06 January 2010 20:48 To: [email protected] Subject: Re: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites Despite the fact that the majority of malware exploits use JavaScript to trigger an attack in Adobe's PDF Reader product, the company says it's impossible to completely remove JavaScript support without causing major compatibility problems. Read the detail from http://threatpost.com/en_us/blogs/despite-danger-adobe-says-javascript-suppo rt-important-010410?utm_source=Threatpost <http://threatpost.com/en_us/blogs/despite-danger-adobe-says-javascript-supp ort-important-010410?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Toda y%27s+Most+Popular> &utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular Regards Suman _____ From: [email protected] [mailto:[email protected]] On Behalf Of Soi, Dhruv Sent: Wednesday, January 06, 2010 3:49 PM To: [email protected] Subject: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites There has been massive increase in targeted attacks in last few months. Malware writers prefer to infect victims using vulnerabilities in Microsoft Products and Adobe. There has been increase in MS/Adobe 0-days that helps malware hop from one machine to another with its payload which most of the times reports to a botnet. Social networking websites like Twitter and Facebook are becoming prime source for attackers to carry targeted attacks. Recently Mcafee published a report on 2010 Threat prediction: http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_pred ict_1209_v2.pdf Recently, we also found similar mass attack using MS Word vulnerability and detailed report has been published here: http://torridnetworks.com/index.php/case-studies/50-information-security/139 -malware-analysis-report-for-a-targeted-attack-via-word-document-carried-out -against-few-sensitive-email-accounts-belonging-to-elite-customer-of-torrid. html Also, many corporate are coming up with social media policy for all their employees while using social networking portals which I think makes lot of sense to protect corporate from identity theft. Is there something similar happening at your organization as well? Many Thanks, Dhruv Le e-mail provenienti dalla Sella Synergy India Private Ltd sono trasmesse in buona fede e non comportano alcun vincolo ne' creano obblighi per la Sella Synergy India Private Ltd stessa, salvo che cio' non sia espressamente previsto da un precedente accordo. Questa e-mail e' confidenziale. Qualora l'avesse ricevuta per errore, La preghiamo di comunicarne via e-mail la ricezione al mittente e di distruggerne il contenuto. La informiamo inoltre che l'utilizzo non autorizzato del messaggio o dei suoi allegati potrebbe costituire reato. Grazie per la collaborazione. E-mails from Sella Synergy India Ltd Private are sent in good faith but they are neither binding on the Sella Synergy India Private Ltd nor to be understood as creating any obligation on its part except where provided for an agreement. This e-mail is confidential. If you have received it by mistake, please inform the sender by reply e-mail and delete it from your system. Please also note that the unauthorized disclosure or use of the message or any attachments could be an offence. Thank you for your cooperation.
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
