Flash attack may as well have been zero-day

يونيو 3, 2008

Guest Editorial by Dino Dai Zovi

Flash attack may as well have been zero-dayIt has almost been a week since the Adobe Flash zero-day attack false alarm.  Since then, a number of people have called Symantec out as being irresponsible for crying wolf and announcing the raising the ThreatCon without fully researching the vulnerability (Full disclosure: Based on that information, I wrote here that the exploit took advantage of a zero-day vulnerability before I had tested it on a patched system — I was more interested in reversing the malware payload at the time).

We must be careful, however, to make sure that the real lesson isn’t lost while we all breathe a collective sigh of relief: the vulnerability may as well have been zero-day.

أقرأ باقي الموضوع »

Dialog Box 20 years of Photoshop history

مايو 31, 2008

For the last 20 years, Adobe® Photoshop® software has allowed its users to push the boundaries of visual experience. From its beginning as a side project of an engineering graduate student, it has evolved into the most widely used creative product family in the world and had a profound impact on the way everyone views images. Every day, users turn to Photoshop applications to organize, refine, manipulate, and showcase digital images—often in ways that have never been seen before.

Photoshop products have always been driven by innovation. They have rewarded their users with the ability to bring their creative visions to reality through images. More importantly, those users have also rewarded Adobe with the inspiration to continuously expand the capabilities of the technology. Their ideas and innovative uses of the products have inspired Photoshop engineers to continually strive to expand the product’s possibilities.

As a result, the Photoshop family has grown to embrace a wide range of customers who use images to communicate what’s in their mind’s eye. While graphic artists were among the earliest users, they were joined over the years by web designers, video professionals, home users and, of course, professional photographers. Nowadays, a new class of 3D artists as well as doctors, architects, engineers, scientists and many more professionals are finding additional ways that Photoshop can help them bring their ideas to life.

Today, Adobe offers the right Photoshop for all types of users. Adobe Photoshop CS3 software (to come spring 2007) is available in two editions—Photoshop CS3, the professional standard that delivers groundbreaking tools for creating powerful images, and Photoshop CS3 Extended, which offers everything in Photoshop CS3 plus 3D and motion support and image analysis tools. Photoshop Lightroom™ is the photographer’s essential toolbox, simplifying workflow from shoot to finish and providing a complete photography solution when used with Photoshop CS3. Photoshop Elements combines power and simplicity so photography enthusiasts can do more with their photos. And for those just getting started in digital photography, Photoshop Album Starter Edition offers a quick and easy way to share memories.

Thanks to this rich heritage of innovation, and the ability to help a growing number of diverse customers through its product offerings, Photoshop has become the industry standard in digital imaging.

Adobe Dreamweaver New New (10.0 Build 3963 CS4 Beta)

مايو 31, 2008

Dreamweaver® CS4 : Adobe Dreamweaver New New (10.0 Build 3963 CS4 Beta)

Profesyonel Web geliştirmede endüstrinin tercihi

Dreamweaver® CS4, kullanıcıların standart tabanlı Web sitelerini ve İnternet uygulamalarını hızlı verimli bir biçimde tasarlamalarını, geliştirmelerini ve bunların bakımlarını yapmalarını sağlayan endüstri lideri web geliştirme aracıdır.

Dreamweaver® CS4 ile, web geliştiricileri basit web sitelerinden en iyi pratikleri ve en son teknolojileri destekleyen ileri uygulamalara kadar herşeyi baştan sona oluşturur ve bunların bakımlarını yaparlar. Dreamweaver® CS4 ile daha fazla iş üretin. Yeni özellikler ve optimize iş akışları ortak görevleri tamamlamak için gereken süreyi kısaltır. XML verilerini güçlü bir ‘sürükle ve bırak’ iş akışı ile bütünleştirin. Tasarım üzerindeki denetiminizi artırmak için yaklaştırın ve Code Collapse ile koda odaklanın.


Endüstrinin lider web tasarım araçı

Dünya çapında lider kabul edilen Web tasarım aracının gücünden ve esnek kullanımından faydalanın. Isterseniz tasarım ağırlıklı, isterseniz kod ağırlıklı çalışın yada ikisini bir arada yapın. Bırakın siz değil, yazılım size ayak uydursun ve bu sayede daha verimli çalışma fırsatı bulun.


Bütünleşik iş akışı

Adobe® Dreamweaver® CS4 ile yeni tasarımlar yaratın, elinizdeki projeleri geliştirin, içerik bakımı yapın ve akıllı entegrasyon sayesinde aynı zamanda Adobe Flash® CS4 Professional, Adobe Fireworks® CS4, Adobe Photoshop® CS4 ve Adobe Contribute® CS4 yazılımlarından faydalanın. Yeni Adobe Device Central CS4 ile mobil cihaz içeriği yaratın.


Desteklenen web dilleri

Adobe® Dreamweaver® CS4 günümüzün bütün programlama dillerini desteklemekte. Bunlar HTML, XHTML, CSS, XML, JavaScript, Ajax, PHP, Adobe ColdFusion®, ASP, ASP.NET, ve JSP’dir.


Zahmetsiz XML

XSL veya Ajax “Spry framework”‘ünü kullanarak kolayca XML içeriği ekleyin. Dreamweaver CS4 XML içeriğini anında gösterir; ister bir XML dosyasını, ister XML dosyası bulunan bir adresi kullanın. Görüntüledikten sonra sürükle bırak (drag&drop) ile istenilen opsiyonları sitenize ekleyin.


FLV desteği

Flash bilgisine gerekmeksizin sadece 5 hamle ile sitenize kolayca FLV içeriği ekleyin. Videolarınızı sitenize uyum sağlayacağı şekilde uyarlayın.


Dreamweaver topluluğu

Dreamwevar topluluğunun eşsiz avantajlarından faydalanın. Adobe Design Center ve Adobe Developer Center ile eğitim ve seminerlere ulaşın, kullanıcı forumlarında gezin ve Dreamweaver Exchange ile 1000′i aşan indirilebilir ek özellikleriyle Dreamweaver’e güç katın.


XML verileri ile görsel geliştirme

XML tabanlı verileri bütünleştirmek için basit ‘sürükle ve bırak’ iş akışı ile web sayfalarına RSS beslemeleri gibi güçlü, görsel araçlar kullanan XML ile hızınızı artırın. XML ve XSLT için geliştirilmiş kod yardımı kullanarak transformasyonu özeleştirmek üzere kod görünümüne atlayın.


Yeni, birleşik CSS paneli

Yeni, birleşik CSS paneli, sayfalara görsel olarak uygulanan CSS stillerini öğrenmek, anlamak ve onlarla çalışmak için tek adres sunar. Tüm CSS işlevselliği tek bir panel kümesinde toplanmış ve CSS ile çalışmayı daha kolay ve üretken hale getirmiştir. Yeni arabirim belirli bir elemana uygulanan stil basamaklarını görmeyi ve niteliklerin nerede tanımlandığını kolayca belirlemeye yardımcı olur. Bir özellik ızgarası hızlı düzenlemeye olanak sağlar.


Yakınlaştır

Yakınlaştırma ile tasarım üzerinde daha fazla kontrol sağlayın. Yaklaşın ve kompleks bir yuvalanmış tablo yerleşimi ile bir resmi veya işi denetleyin. Sayfanın bütününün nasıl görüneceğini gözden geçirmek için uzaklaşın.

Dreamweaver® CS4

Adobe Flash zero-day exploit in the wild

مايو 31, 2008

Malware hunters have spotted a previously unknown — and unpatched — Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available.  Adobe’s product security incident response team is investigating.

This SecurityFocus advisory warns:

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.

I’ve independently verified that redirection scripts have been posted on at least two Chinese-language Web sites to launch drive-by downloads of malware.   When the exploit fires, it checks the Flash version on the vulnerable computer and, depending on the result, it uses a different .SWF (shockwave) file to take complete control of the machine.

This threat should be considered very serious because of the widespread distribution that Adobe Flash enjoys on the Windows ecosystem.  If this exploit gets seeded on high-traffic Web sites, we could be in for a long clean-up operation.

More from the SANS ISC diary.

[ UPDATE: Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.]

Adobe Flash zero-day exploit in the wild

Adobe Flash drive-by attacks redux

مايو 28, 2008

Posted by Ryan Naraine

Adobe Flash drive-by attacks reduxAdobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting (kinda) that the vulnerability is already patched.

In a progress report posted to the official Adobe PSIRT blog, David Lenoe stops short of making definitive statements on the actual vulnerability, using phrases like “appears to be” and “should not be vulnerable” but it’s clear that Adobe believes these attacks are tied to an issue that was patched with Flash Player 9.0.124.0.

أقرأ باقي الموضوع »

Adobe Flash exploit raises concern

مايو 28, 2008

Legitimate Web sites hosting Adobe Flash Player content may be compromised to embed JavaScript that redirects users to a Chinese malware server, says Symantec. Affected versions of Adobe Flash Player include 9.0.124 .0 (latest version) and 9.0.115.0.

أقرأ باقي الموضوع »

Microsoft exec predicts big growth for Windows Mobile

مايو 28, 2008

Microsoft sees big growth for its Windows Mobile operating system.

A Microsoft executive in Asia told Reuters on Tuesday that sales will increase at least 50 percent over the next year as demand for smartphones picks up.

Eddie Wu, the software company’s managing director of OEM embedded devices in Asia, said the company expects to sell 20 million “units” of its software in the 2007-2008 fiscal year, which ends in June, according to the article. And the company expects to grow at least 50 percent annually over the next two years, he added. Microsoft sold more than 11 million units of its Windows Mobile software in its 2006-2007 fiscal year, which ended June a year ago.

أقرأ باقي الموضوع »

Adobe offers sneak peek of CS4 apps

مايو 28, 2008

Adobe Systems is offering two-day trials of three beta applications from its next Creative Suite package.

 

 

The previews of Dreamweaver for Web design, Fireworks for image editing, and Soundbooth for audio editing became available Monday.

Trials expire after 48 hours for most people, but registered CS3 users get to keep using the CS4 betas until the final applications replace them.

Adobe hasn’t publicly confirmed its planned shipping date or the name for the next Creative Suite, which we’re nicknaming CS4. Adobe Creative Suite 3 was released in March 2007.

أقرأ باقي الموضوع »

Adobe Fireworks CS4 Beta New New

مايو 28, 2008

Adobe Fireworks CS4 Beta Create, edit, and optimize web graphics more accurately and faster than ever with the enhanced toolsetTry Adobe Fireworks software to rapidly prototype websites, application interfaces, and other interactive designs. Create, edit, and optimize web graphics more accurately and faster than ever with the enhanced toolset. Demo your design live for your client, or e-mail an interactive PDF file.

Leverage the new user interface and core functionality such as consistent text handling and the Adobe type engine. Output your Fireworks designs to the application platform of your choice: Adobe AIR, Flash, Flex, or HTML. In addition, export web standards–compliant, CSS-based layouts — complete with external style sheets — to Adobe Dreamweaver.

The Fireworks beta is an opportunity for web designers, web architects, and developers to participate in our prerelease program. This program provides you with early access to our next release so that you can kick the tires and ensure that it meets your needs. Download the prerelease of the next version of Fireworks now and send us your feedback. The Fireworks beta will expire soon after the next version of Fireworks is available for purchase.

أقرأ باقي الموضوع »

Adobe Dreamweaver CS4 Beta on labs.adobe.com

مايو 28, 2008

Adobe Dreamweaver CS4 Beta on labs.adobe.com New features help teams and individual developers alike reach the next level in performance and functionalityAdobe Dreamweaver software is the ideal tool for web designers, coders, and application developers of all levels. Enhanced coding functions make it a breeze to navigate through complex site pages at design time.

أقرأ باقي الموضوع »


تابع

Get every new post delivered to your Inbox.