SSL Phishing Scam / FreeBSD DoS Vulnerability / Acrobat Reader Flaw

Mar 5, 2004 1:37AM PST

SSL Phishing Scam


Phishing scams are becoming very common. While some of them are easy to recognize, some are becoming very difficult to detect due to improvements and techniques to exploit browser vulnerabilities, i.e., URL obfuscation.
So, while you can be assured that the session is encrypted, it is not possible to ensure that this is the real organization.
Fraudulent certificates are also being widely used in phishing scams, so it is a good idea to always verify the certificates.
*Update*

FreeBSD vulnerability

iDefense released today a security advisory about a Denial of Service vulnerability in FreeBSD systems.
According to the advisory, remote exploitation of a denial of service attack is possible by sending multiple out-of-sequence packets to a FreeBSD system. Also, to be successful, the attack needs only one open TCP port. The attack works against all FreeBSD versions.
Even though no PoC has been released yet, this attack looks pretty simple, and FreeBSD users are advised to apply the patches as soon as possible.
Patches have already been released and are available at the FreeBSD.org website:

Acrobat reader vulnerability


According to a security advisory released by NGSSoftware, there is a buffer overflow vulnerability in Adobe Acrobat Reader in the way it handles the XML Forms Data Format, or XFDF.
Also according to the advisory, "Adobe urgently advises users of Adobe Reader to upgrade."


References: http://www.ngssoftware.com/advisories/adobexfdf.txt
http://www.adobe.com/support/downloads/main.html
Read more:

http://isc.sans.org/diary.html?date=2004-03-04
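
Added example (not part of the original post or the linked diary): a Python check for the URL obfuscation mentioned in the SSL phishing item, flagging links whose visible text may not name the host actually contacted. The pattern list, function names, and sample URLs (reserved `.example` names and the 203.0.113.0/24 documentation range) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Host made only of numbers: dotted IPv4, dotless decimal, or 0x-hex forms.
NUMERIC_HOST = re.compile(r"^(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}$")
PERCENT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")


def obfuscation_flags(url):
    """Return sorted reasons why a URL's text may hide the host it connects to."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lower-cased, userinfo and port removed
    flags = set()
    if "@" in parts.netloc:
        # Text before '@' is userinfo; it is shown to the user but never contacted.
        flags.add("userinfo-before-host")
    if PERCENT_ESCAPE.search(parts.netloc):
        # Escapes in the authority can truncate or distort what a browser displays.
        flags.add("percent-encoded-authority")
    if NUMERIC_HOST.match(host) or ":" in host:  # ':' remains only for IPv6 literals
        flags.add("numeric-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.add("punycode-label")
    return sorted(flags)


def host_matches(url, expected_domain):
    """True only if the contacted host is expected_domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


# Constructed sample links, all claiming to be "bank.example".
SAMPLES = [
    "https://www.bank.example/login",
    "https://www.bank.example%01@203.0.113.7/login",
    "http://3405803783/login",
    "https://www.bank.example.login.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, obfuscation_flags(sample), host_matches(sample, "bank.example"))
```

A link that passes both checks still says nothing about who holds the certificate, so the certificate verification advised in the post remains a separate step.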
