We spend a lot of time talking with corporate IT and security managers who believe the infrastructure they have in place protects them. What is often overlooked is that many client-side applications are known to be vulnerable, with no fix in sight. Can you imagine removing Adobe Flash or PDF Reader from a user’s computer? There would be revolts (at least).
Companies have to accept that their computers will be compromised and that a strategy of deploying traditional security techniques is not sufficient to protect the company. Instead, they must be able to identify problems, fix them and then patch the appropriate vectors. Shameless plug: our threatForensics service uses innovative forensic techniques to proactively protect your company. Give us a try; it will change how you operate and will quickly reduce your company’s risk.
“Security researchers at Foreground Security have found an issue with Adobe Flash. Any site that allows files to be uploaded could be vulnerable to this issue (whether they serve Flash or not!). Adobe has said that no easy fix exists and no patch is forthcoming. Adobe puts the responsibility on the website administrators themselves to fix this problem, but they themselves seem to be vulnerable to these problems. Every user with Flash installed is vulnerable to this new type of attack and — until IT administrators fix their sites — will continue to be.”
via Slashdot News Story | Flash Vulnerability Found, Adobe Says No Fix Forthcoming.

