[Fsf-friends] [En Avance] PDF is vulnerable

Amol Hatwar rollacosta@phreaker.net
Thu Jun 19 09:52:10 IST 2003


Those who follow security will find the following amusing:

An anonymous person has again posted vulnerability information gleaned from
the Computer Emergency Response Center (CERT) approximately 10 days in
advance of CERT's intended release of information to the public.

The vulnerability involves Adobe PDF files; the files might be able to
execute arbitrary commands on a system viewing a PDF file that contains
malicious hyperlinks.

In past months, the anonymous poster who goes by the alias "Hack4life," has
somehow managed to obtain private information from CERT without the
company's knowledge and subsequently disclosed that information to the
public before vendors were ready to do so. CERT works with vendors who
experience security problems to coordinate patch and information release.
The anonymous person's antics undermine that process.

More here: http://www.wininformant.com/Articles/Index.cfm?ArticleID=39320
--------
CERT walks the middle ground and does a good job of it, but it is a little
humorous to see an entity dedicated to security struggle to protect its own
information. The anonymous being behind the leaks even tells the world when
new information will be released, and yet his or her identity remains a
mystery.
The lesson here is that security is only as good as your ability to discern
the lack of it. If you ever reach a point where you think you're secure, you
are at your most vulnerable then.

Ciao,

ah





