Adobe product vulnerabilities - implications on Linux?
Adobe products, especially its Acrobat Reader and Flash, are likely to replace Microsoft Office as the No. 1 software target.
I don't use Acrobat Reader (nor writer for that matter) on Linux. However, Flash seems to be a critical component necessary to access many web sites both for content such as embedded videos and for security purposes (flash objects used by banks to identify a particular computer). I am not aware of what form the expected attacks would take. I would be interested in other folks' thoughts on the implications for Linux. Would an attack on Flash have the same impact on a browser on Linux as one on Windows?
The implications for Linux specifically would probably be the same as any other potential software exploits. By its nature Linux uses sane permission practices to avoid allowing malware to have a field day with your data. However I do think it will be interesting to see what happens with these services in regards to OS independent malware. If the service lives entirely on the web running from within your browser it could lead to some interesting problems, imagine going to some site and playing their embedded video using flash but the flash player is really spying on you. I don't know how feasible that is, but I'm sure people are trying to figure out how to make that possible. At the end of the day having good security practices and using common sense will still be your defense against any possible threats that come from any web services. I use script/flash/java blocking addons in my browser, so only websites I explicitly allow can execute anything.
I also use NoScript and AdBlock Plus in Firefox. I think I will ask financial institutions which I deal with what actions they are taking with regards to this as Flash objects seem to be key to their security models. Should result in some amusing if not pathetic responses.
Perhaps the safest thing to do is say the heck with eCommerce, go back to banking and shopping by phone, and just use the Internet for downloading pornography - as it was originally intended
Actually, I'm quite sure that most of the flash exploits are quite portable to all other OSs and even to other programs that implement flash, like gnash. If you want to keep using flash and feel safe then see: http://www.linuxquestions.org/questi...ashers-779530/
Quote:
Originally Posted by taylorkh
Perhaps the safest thing to do is say the heck with eCommerce, go back to banking and shopping by phone, and just use the Internet for downloading pornography - as it was originally intended
Yes, yes, I totally agree
However, there was a strange thing I heard recently, some banks do this (from what I remember):
The bank gives you something like a pager where you put in your password or pin or whatever, and it gives you a login name and password for the bank website, which is only available for like 30 seconds. Then you login, do the transaction and logout. To me this seems like a reasonable and interesting way of authenticating a user. I can't imagine how this could be easily hacked.
However, there was a strange thing I heard recently, some banks do this (from what I remember):
The bank gives you something like a pager where you put in your password or pin or whatever, and it gives you a login name and password for the bank website, which is only available for like 30 seconds. Then you login, do the transaction and logout.
Sounds like you're referring to security tokens with synchronized one-time passwords.
The CVEs are normally written in plain English, and give a rough overview of the nature of the vulnerability, affected platforms, and so on.
It's very difficult to predict how future vulnerabilities will apply to the various OSs that the player runs on, but it seems certain there will be many more and that they'll be weird bugs.
I have looked at some info on "Hack A Day Post" - interesting.
The system you describe sounds like a Radius server system I used for VPN some years ago. I was issued a key fob sort of device which produced a seemingly random 6 digit number every 60 seconds or so. To authenticate with the VPN I would enter my credentials and then the current number on the fob. If (when) the fob got out of sync with the Radius server a call to the admin would get it back in sync. Quite a neat system.
Hi win32sux,
Yes win 32 sux but it is doing better for me at the moment than Ubuntu 9.10. Unfortunately I have been unable to install 8.04 LTS on my new machine and am having to get some things done with an XP VM running on VMWare on the 9.10 box
And Thanks to GooseYArd,
I will keep an eye on the National Vulnerability Database. However, I am afraid that our major vulnerability is our citizens who expect the government to do FOR them, thus they elect idiots and worse who do TO us. Sorry, wrong forum