Don't EVER open any unsolicited file you recieve in an e-mail, regardless of file type/extension. I.E. If you didn't specifically ASK someone to send you that particular file, don't open it.
Ping
Ping
What! a secuity alert for the impenetrable Mac and Linux OSs,say it isn't so.
You would then keep all your important stuff on a separate user account that you never connect to the internet with.
Still a bit of a hassle but maybe it's come to that.
That Ethereal bug is fascinating. To think that it could get nailed by a malformed packet - how odd.
Slightly OT, but does anyone know how to report malware to MS? I had a colleague (so I thought anyway) send me a jpg by email the other day that was a bit more than it appeared. I did all of the standard stuff...checked extensions before opening, virus-scanned it, etc, and it came up clean, but when I opened it my entire system crashed HARD (explorer GPF'd...something I haven't seen Windows do in years). I ended up having to power-cycle a reboot. When my machine came up clean on a subsequent virus/malware scan, I checked it out a bit more (hey, I'm a computer programmer, so I have a bit of appreciation for a well written, non-destructive hack). I saved the file onto my desktop and when I minimized Outlook to start checking it out...without even opening the file...the system GPF'd again and had to be rebooted. I couldn't even log in to delete the file without it crashing my computer within moments. Booted into safe mode...same thing again.
I ended up having to dust off my boot floppy and delete the file from the command line to get rid of it. A little postmortem seemed to indicate that the JPEG was exploiting some kind of flaw in the feature that Win2k and WinXP utilizes to draw a thumbnail of an image to use as its icon. I'm fully patched up and am pretty sure that this isn't a known bug, but I don't know where this should be reported to. I knew how to delete it, but others may not be so lucky.
thanks.
Adobe security sucks (and I mean that as nicely as possible since I have friends who work there). Acrobat, and many pathetic attempts to secure PDF files, have never had good security. My belief of the main reason is that it was designed from the beginning to be very open, and it's hard to secure something started on that basis (kind of like Windows).
Downloads page:
http://www.adobe.com/support/downloads/main.html
Thanks for posting this article and helping to educate/inform us!
Adobe just released Acrobat Reader 7.0 which addresses the vulnerabilities of the previous version. Every one is urged to download and install it immediately to take advantage of the security enhancements as well as file reading improvements.