[funsec] Adobe 0-day in the wild
AlexE at sunbelt-software.com
Sat Feb 21 21:02:51 CST 2009
Fwiw, there are snort rules avail
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Rich Kulawiec
Sent: Saturday, February 21, 2009 5:50 PM
To: funsec at linuxbox.org
Subject: Re: [funsec] Adobe 0-day in the wild
On Sat, Feb 21, 2009 at 11:47:20AM -0800, nick hatch wrote:
> Our current mitigation strategy is begging our users to be safe. Ugh.
Why not encourage them to switch to open-source software?
(As I've said elsewhere, "closed source" == "faith-based security".)
It's not a panacea of course, but (a) open-source projects tend to
respond much faster and (b) if they don't respond sufficiently quickly,
user communities can and will develop their own fixes.
Of course, I don't know whether any of the numerous open-source PDF
handlers out there will meet your particular needs; but if they don't,
then maybe the best approach is to discuss the situation with them and
figure out how to make it happen -- in which case everyone wins.
(I've found it, on occasion, *extremely* cost-effective to fund a little
development on a particular feature or two. Amounts which wouldn't even
buy a year of support for a single-user license turn out to buy a lot
more when directed at low-budget projects.)
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.
More information about the funsec