Homemade PDF Patch Beats Adobe By Two Weeks 238
CWmike writes "Sourcefire security researcher Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks. Grenier posted the patch on Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees. Also, PhishLabs has created a batch file that resets a Windows registry key to de-fang the hack by disabling JavaScript in Adobe Reader 9.0, giving administrators a way to automate the process."
Offensive (Score:0, Funny)
"This thing is so simple to use that you're grandmother could patch it."
As a 49 yo grandmother, c programmer and feminist, I find this offensive.
Re:Offensive (Score:2, Funny)
Thank you for letting the Slashdot community know what you find offensive... is this because you think it's interesting, or because you have no friends to talk with?
Re:JavaScript?! (Score:5, Funny)
Reply: Adobe to Lurene Grenier (Score:5, Funny)
Adobe to Lurene Grenier: You decompiled Acrobat in some way to create this fix, in violation of click-through license and DMCA (not to mention making us look incompetent.) We're suing you and we're going to make sure your government put you away in a pound-you-in-the-ass prison for a long long time.
Wow (Score:5, Funny)
You mean an individual who doesn't have a business to protect or any customers is able to come up with an un-QA'd version faster than the company that produced the product. Amazing!
Re:Offensive (Score:5, Funny)
I'll go for the secret third option, "because she's a feminist". Letting the world know what they find offensive is practically the feminists' national sport. Rather, it would be if they had their own country. And by God, I wish they did.
Articles reading the future? (Score:5, Funny)
What i find more interesting is how slashdot is now able to tell the future!
The article boldly claims that something released yesterday has arrived two weeks before the official patch. Now, i know it's possible that the two weeks was taken from Adobe's projected patch fix date, but projections and fact are still different, and journalistic integrity requires a writer in this situation to indicate directly that this two weeks is not actually fact, as we couldn't know that yet. The headline is an outright lie, as far as i can tell, as it relies on future events being a certain way.
Can we not have articles started with lies on slashdot from now on? Maybe keep the lies towards the end?
-Taylor
Re:Feature Request (Score:4, Funny)
How about: "Do you want to prevent the execution of possibly malicious code in this .PDF file?" [Yes][No].
If they select No, the next dialog is: "Fine. I've just opened all the ports on the computer, deleted the last 10 documents you opened up, and loaded up a couple trojans. Are you sure you want to run the executable code in this PDF file now?" [Yes][No].
This way, the user won't be taught to always select the same confirmation box all the time.
It's been Two Weeks since you made the patch ... (Score:5, Funny)
Lurene Grenier has published a home-brewed patch for the critical Adobe Reader vulnerability ... beating Adobe Systems Inc. to the punch by more than two weeks.
What the fuck Adobe? What did you do for those extra two weeks?
it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.
Oh ... I guess you were trying to make it work on all systems, and checking to make sure that it didn't royally fuck up the user's computer, or introduce another, potentially more serious vulnerability.
Re:Offensive (Score:3, Funny)
Really? (Score:5, Funny)
"caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees."
My boss will be pleased. I can push all my releases up at LEAST two weeks earlier now by adding this caveat on to all of my code. Thanks, Geritol.
Re:Offensive (Score:5, Funny)
Yeah, you're right. It's terrible when people use an apostrophe when they mean "your".
Re:Offensive (Score:5, Funny)
Q: How many feminists does it take to change a lightbulb?
A: That is NOT funny.
Re:JavaScript?! (Score:5, Funny)
Then I quit drinking and realized Excel with tweaked permissions was far better suited to the task. It wasn't as smooth looking but it was easier for my staff to update.
Re:Offensive (Score:1, Funny)
A: Trick question, feminists can't change anything.
Re:Offensive (Score:3, Funny)
Dude, you should really be careful. I don't think you realize who you're talking to. [xkcd.com]
Posting AC is only going to keep you safe for so long.
That also goes for everyone who modded her down.
Re:Offensive (Score:5, Funny)
A: Four. One to change the lightbulb, three to form a support group.
But really, it's a trick question because feminists can't change anything.
Re:Offensive (Score:3, Funny)
Unrelated to the feminist jokes, but related to lightbulbs:
Q: How many psychiatrists does it take to change a lightbulb?
A: Only one, but the lightbulb has to want to change.
Re:Offensive (Score:1, Funny)
Re:Why doesn't anyone think javascript is useful? (Score:4, Funny)
I'm not sure I understand the overwhelmingly negative reaction to javascript in pdf files.
...
There are great ways to include animations directly in the pdf that use javascript.
Hmm.... I think I see a connection here.
Re:Feature Request (Score:5, Funny)
Re:JavaScript?! (Score:1, Funny)
I'm totally with you there. PDF is a document format - it's supposed to be and act like paper. And who in their right mind would put a FORM on paper and ask people to FILL IT OUT, thereby EDITING the paper document?
Verily, the mind boggles.
Comment removed (Score:3, Funny)