Javascript + Adobe; you got your exploit in my vulnerability ...

Subject: General Tech | February 21, 2013 - 05:27 PM |
Tagged: Adobe, firefox, pdf, javascript, fud

What could possibly go wrong by combining two of malwares most favourite security holes into one?  With FoxIt recently sprouting leaks and Adobe's continual duct taping of it's Reader, reading PDFs online is a great way to catch something nasty. Then again, there is always malformed Javascript commands and links which are another very popular way to give your PC a cybernetically transmitted disease.  The new Firefox combines the two in their latest version, 19.0, which is currently in beta testing and it uses an open sourced Javascript add on to open PDFs online, which will likely improve the responsiveness and loading time of PDF links.  The real question won't be answered until use of this new add on becomes commonplace and we find out if the two combine into some a gaping new hole into your PC or if somehow mismatched vulnerabilities will combine to create an actual secure way to read PDFs.  Then again, maybe it will not introduce anything new at all.  More at The Register or grab the latest Firefox and try it yourself.

RememberThatCommercial.jpg

"Mozilla's Firefox web browser now includes a built-in PDF viewer - allowing users to bin plugins from Adobe and other developers.

The move to run third-party PDF file readers out of town comes after security holes were discovered in closed-source add-ons from FoxIt and Adobe. The new built-in document viewer is open source, just like Firefox, and is written in JavaScript."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

CS6 OpenCL support -- not quite hardware acceleration for all

Subject: General Tech, Graphics Cards | May 19, 2012 - 07:27 AM |
Tagged: Adobe, CS6, gpgpu

Last month, SemiAccurate reported that Adobe Creative Suite 6 would be programmed around OpenCL which would allow any GPU to accelerate your work. Adobe now claims that OpenCL would only accelerate the HD6750M and the HD6770M running on OSX Lion with 1GB of vRAM on a MacBook Pro at least for the time being at least for Adobe Premiere Pro.

Does it aggravate you when something takes a while or stutters when you know a part of your PC is just idle?

Adobe has been increasingly moving to take advantage of the graphics processor available in your computer to benefit the professional behind the keyboard, mouse, or tablet. CS 5.5 pushed several of their applications on to the CUDA platform. End-users claim that Adobe sold them out for NVIDIA but that just seems unlikely and unlike either company. My prediction is and always was more that NVIDIA parachuted in some engineers to Adobe and their help was limited to CUDA.

Creative Suite 6 further suggests that I was correct as Adobe has gone back and re-authored much of those features in OpenCL.

AdobeCSOpenCL.png

Isn't it somewhat ironic that insanity is a symptom of mercury poisoning?

AMD as a hatter!

CS6 will not execute on just any old GPU now despite the wider availability of OpenCL relative to the somewhat NVIDIA proprietary CUDA. While the CUDA whitelist currently extends to 22 Windows NVIDIA GPUs and 3 Mac OSX NVIDIA GPUs current OpenCL support is limited to a pair of AMD-based OSX Lion mobile GPUs: the 6750M and the 6770M.

It would not surprise me if other GPUs would accelerate CS6 if manually added to a whitelist. Adobe probably is very conservative with what components they add to the whitelist in an effort to reduce support costs. That does not mean that you will see benefits even if you trick Adobe into accepting hardware acceleration though.

It appears as if Adobe is working towards using the most open and broad standards -- they just are doing it at their own pace this time. This release was obviously paced for Apple support.

Source: Adobe

IOLO U-NO-LOL. Ed Bott not amused by system optimizer ad

Subject: General Tech | March 30, 2012 - 08:36 AM |
Tagged: IOLO, Adobe

A recent Adobe auto update included a poorly labeled advertisement for IOLO System Checkup. The ad urges you to purchase System Checkup by dramatizing mundane events on your PC to be remedied only by their paid product. The scan also fails to alert for issues which actually are serious and commonplace.

Adobe has been known to be slightly haphazard with using their update application for advertising purposes. If you are not ever vigilant it is possible that your computer could be gifted a trial of McAfee antivirus or something.

An advertisement for System Checkup by IOLO has recently been added to the site you are directed to after a manual update of Flash. Upon running the “Free PC Health Check” you are prompted to purchase the full product to fix the problems it finds. Ed Bott over at ZDNet takes exception with the advertisement.

IOLOL.png

At least it does not cripple your machine until you pay.

Ed Bott complains about the advertisement, and Adobe’s distribution of it, on two main grounds: the scanner urges you to fix things that do not need to be fixed allegedly to alarm you and it fails to warn you about things that you should be alarmed about.

Throughout the article, he runs the scanner a couple of times on a couple of setups and discusses the issues it claims to have found and points out what it should have detected but failed to.

First and foremost if software wishes to protect your PC from attack it should, at the very least, ensure that you are patched. On a completely unpatched machine, the scanner did not even try to warn the user to update their operating system.

Likewise, the application claimed that the user’s RAM required defragmentation. Most of our users should be aware of defragmenting, what it does, and why it is not useful for SSDs. Extrapolate that thought to RAM.

The moral of this story is to be absolutely careful about what you run on your PC. While the scanner itself is harmless outside of alarmism, there are plenty of others which are malicious. Even if you trust the site, it is possible that the website could have been compromised by an attack and forced to deliver you malicious content.

While, again, this situation is not malicious -- just feels annoying and grossly misleading -- it should be one more event to teach you that the only thing to keep your computing device safe and properly functioning is your constant vigilance.

Source: ZDNet

64 Bit Flash Support Returns To Linux With Flash Player 11

Subject: General Tech | July 15, 2011 - 06:50 AM |
Tagged: linux, flash, Adobe

Linux, once the beholder of 64 bit versions of the Adobe Flash plug-in, has been without any form of 64 bit support for the past few iterations (since version 10.1 to be more specific); however, Adobe has finally reinstated support for the 64 bit Linux version with the newly announced Adobe Flash Player 11 Beta. Currently only available on the desktop (Adobe claims the mobile version is coming soon), the new beta brings a new method of 2D and 3D rendering dubbed the Stage 3D API. This new API uses GPU-acceleration to speed up rendering across “multiple screens and devices.” Support for H.264/AVC SW camera encoding and Native JSON (JavaScript Object Notation) are also features of the beta.

flashlinux.png

The announcement also briefly covers the improved security measures, specifically those that relate to GPU-acceleration. The new Stage 3D rendering API includes a new simple shader language dubbed AGAL (Adobe Graphics Assembly Language) that prohibits loops or functions inside shaders. Further, Adobe has added restrictions to the API to limit the number of calls per frame in an attempt to mitigate DDoS attacks.

The new desktop beta is available now for download. 64 bit Linux users rejoice, for the necessary evil that is Flash has returned to you.

Source: Adobe