Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Foxit PDF Plugin - Zero-Day Vulnerability
Message
From
15/01/2013 22:41:03
Thomas Ganss (Online)
Main Trend
Frankfurt, Germany
 
 
To
15/01/2013 20:33:57
Al Doman
M3 Enterprises Inc.
North Vancouver, British Columbia, Canada
General information
Forum:
Technology
Category:
Software
Title:
Re: Foxit PDF Plugin - Zero-Day Vulnerability
Miscellaneous
Thread ID:
01562322
Message ID:
01562910
Views:
27
>Trevor Potts is a fairly readable BOFH at the Reg. Last September (before the most recent problems) he gave up on Java: http://www.theregister.co.uk/2012/09/03/java_cleanup/ . His philosophy is to treat Java in the browser as compromised.

Sounds like my kind of paranoid:
"If any residue of the rootkit lingers, or if Sirefef and/or its downloaded friends remain, they will all download and reinstall one another and we get to play whack-a-malware one more time. Bonus points were awarded for exploiting known Windows 7 vulnerabilities to infect every other machine on the network; that was a nice touch that really made my Friday."

reinforcing the idea to use different hosts as well, to make things harder.
This is the kind of setup future siblings or decendants will be written to overcome,
so that should give me a bit of breathing space.

>- run the VM the absolute minimum amount of time required
absolutely

>- restore a known good snapshot of the VM after each use ("toilet paper computing")
but the IRS program will patch itself up again automatically before allowing me to file.
So that would only add chances for my filing to be late... But true for browsing VM for sure.

>
>Yes, running that VM on a separate subnet can only be a good thing. I avoid wireless as much as possible, certainly never use it for anything sensitive.

I am with you in theory, in practic i just love to grab my 7' pad when not sitting before the desktop.
I know it is not secure, but too damned convinient too just check mails there with a few finger flicks.

>
>As far as subnetting goes there are lots of options. I believe some consumer routers offer a "guest" subnet. More advanced models can support VLANs etc. Those sorts of solutions seem "elegant" but there are too many people trying to hack routers e.g. http://www.theregister.co.uk/2013/01/14/cisco_linksys_zero_day/ . There is also some concern about built-in back doors i.e. http://www.bbc.co.uk/news/business-17509201 .
>
>So, physically separate routers, connected only by a cable that can be unplugged, can give the reassuring "air gap" :)

Currently I favor a double WiFi router and the second router not to have any WiFi.
Should get me into the right mental setup to divide my PWD-access according to such layout...

The Reg article seconds it:"Ring-fence the virtual machine by placing it on its own VLAN and subnet."
So I am not totally off-world in my worries...
Previous
Reply
Map
View

Click here to load this message in the networking platform