Acrobat vulnerability and Ubuntu

There is a new PDF/SWF vulnerability that has been exploited for the last one or two weeks. I have already seen several samples using this attack. The Linux version of Acrobat is vulnerable too.

If you ask yourself whether your Ubuntu can be hacked using this exploit:

AFAIK yes

But if you ask whether you are safe from accidentally browsing to a homepage and getting your Ubuntu infected by this exploit:

You are still safe (if you have no enemies). The mass attacks are aimed at the larger targets, and the Linux community is still quite small.

There are several reasons why there are so many vulnerabilities in Flash and especially PDF.

And these reasons all boil down to bad design.

  • PDF is designed to be fail-safe: the reader will try to open and display even mutilated PDF files. An AV scanner must be able to open and scan every file that the reader would open. This adds to complexity.
  • Different encodings are allowed, and they can be mixed. This adds to complexity.
  • Two different scripting languages are allowed (if you know of more, tell me): JavaScript and Flash can be embedded in a document. Adding code to data is never a good idea if you are concerned about security. And it adds to complexity.

There is the KISS (keep it small and simple) principle. They failed that.
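To make the first two points concrete from a scanner's side, here is an added example (not code from the original post): a small triage pass that has to tolerate a misplaced header and undo the `#xx` hex escapes PDF permits inside names before it can even spot embedded script or Flash. The names `triage`, `decode_name`, `WATCHED` and `SAMPLE` are invented for this sketch, and the sample bytes are constructed.

```python
import re

# Name keys worth flagging: script and Flash carriers plus auto-run triggers.
WATCHED = ("/JavaScript", "/JS", "/RichMedia", "/EmbeddedFile", "/OpenAction", "/AA")

# A PDF name: "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/(?:[^\x00\t\n\f\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes: to a reader, /J#61vaScript is the same name as /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def triage(data: bytes) -> dict:
    """Count watched names after normalisation and record lenient-parsing quirks."""
    counts, obfuscated = {}, []
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(0))
        if name in WATCHED:
            counts[name] = counts.get(name, 0) + 1
            if b"#" in m.group(0):  # escaped spelling of a watched name
                obfuscated.append(m.group(0).decode("latin-1"))
    return {
        "counts": counts,
        "obfuscated_names": obfuscated,
        # Readers accept a header that is not at byte 0, so a scanner must too.
        "header_offset": data.find(b"%PDF-"),
        # Readers also try to open files whose end-of-file marker is missing.
        "has_eof_marker": b"%%EOF" in data,
    }

# Constructed sample: junk before the header, escaped names, no %%EOF.
SAMPLE = (b"junk before header\n%PDF-1.7\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (void 0) >> endobj\n"
          b"3 0 obj << /Subtype /Rich#4dedia >> endobj\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

This pass only sees raw bytes: names inside compressed or otherwise encoded streams stay invisible until the scanner decodes every filter the reader would, which is exactly the complexity described above.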

Profit

Imagine you are evil.

There are about 8 million Ubuntu users. About 50% of them have Flash installed. If you are able to infect them all and get 10 € for each infected PC (botnet, data theft, phishing), you will be able to earn 40 000 000 €. If you only manage to get an infection rate of 1/10 000, you will earn 4000 €.

There are at least 80 times more Windows users (640 million users). About 90% of them use Flash. If you are able to infect them all and get 10 € for each infected PC (botnet, data theft, phishing), you will be able to earn 5 760 000 000 €. If you only manage to get an infection rate of 1/10 000, you will earn 576 000 €.

Hacking a Linux box is as complicated as hacking a Windows box.

So which option would you choose?

(Don’t do this at home. People will get angry at you.)

What can you do to keep your Ubuntu safe

  • Update your software (Flash and PDF) ASAP and regularly
  • Install AV software (always a good additional security)
  • Convince as many people as possible to use Windows
  • Spread the word!

~ by thorstensick on August 2, 2009.
