« | Home | Recent Comments | Categories | »

Report: Malicious PDF files comprised 80 percent of all exploits for 2009

Posted on February 16th, 2010 at 21:46 by John Sinteur in category: Security

[Quote:]

A newly released report shows that based on more than a trillion Web requests processed in 2009, the use of malicious PDF files exploiting flaws in Adobe Reader/Adobe Acrobat not only outpaced the use of Flash exploits, but also, grew to 80% of all exploits the company encountered throughout the year.

Wow. That is a lot. And here I thought I was paranoid banishing Acrobat Reader from all systems I control.


Write a comment

Comments:

  1. Maarten on February 16th, 2010 at 23:14:

    Hunh. I tend to balk at upgrading Acrobat Reader on my Windows box (for a variety of reasons and no perceived value gained) but I think I may just have been convinced to start keeping up with updates.

    This seems to be one of the big gotchas of software design & customer service: upgrading software behind users’s backs is considered a no-no; nagging them a lot quickly becomes annoying (yay, ANOTHER iTunes update. go AWAY); doing nothing is rarely an option because most code eventually turns out to have security issues.

  2. John Sinteur on February 16th, 2010 at 23:16:

    Here’s a good upgrade for Acrobat Reader: http://www.foxitsoftware.com/pdf/reader/

  3. Maarten on February 16th, 2010 at 23:17:

    Oh yeah, I used to use FoxIt and forgot about it. (Don’t spend much time on Windows anymore.) Thx.

  4. John Sinteur on February 16th, 2010 at 23:27:

    on the mac it’s easier: just trash Acrobat and let Mac OS Preview handle it.

  5. Irene on February 16th, 2010 at 23:55:

    This must come as a huge relief to MS who has held the crown for how many years now? (sorry, couldn’t resist)

  6. Maarten on February 17th, 2010 at 2:18:

    Ya know, Irene makes a good point. The paper that this is sourced from does not mention Internet Explorer at all. Vulnerabilities in Acrobat/Reader and Flash together make up 98% of the reported exploits. Really? There are effectively no active browser exploits anymore? Or are we looking at some odd subset here?

  7. murph on February 17th, 2010 at 2:43:

    And another possibility…

    http://www.docu-track.com/product/pdf-xchange-viewer

Georgia Schools Inquiry Finds Signs of Cheating

Posted on February 16th, 2010 at 17:45 by John Sinteur in category: What were they thinking?

[Quote:]

Georgia education officials ordered investigations on Thursday at 191 schools across the state where they had found evidence of tampering on answer sheets for the state’s standardized achievement test.

The order came after an inquiry on cheating by the Governor’s Office of Student Achievement raised red flags regarding one in five of Georgia’s 1,857 public elementary and middle schools. A large proportion of the schools were in Atlanta.

The inquiry flagged any school that had an abnormal number of erasures on answer sheets where the answers were changed from wrong to right, suggesting deliberate interference by teachers, principals or other administrators.

Experts said it could become one of the largest cheating scandals in the era of widespread standardized testing.

Hate your teacher? All your classmates hate him too? Easy solution! Conspire to have as many students as possible erase fake answers on your tests.


Write a comment

Adolf Hitler makes a Hitler YouTube parody video

Posted on February 16th, 2010 at 17:19 by John Sinteur in category: Funny!


Write a comment

Cassini Spacecraft Crosses Saturn’s Ring Plane

Posted on February 16th, 2010 at 11:13 by John Sinteur in category: Great Picture

[Quote:]

See Explanation. Clicking on the picture will download the highest resolution version available.
Credit:
Cassini Imaging Team, ISS, JPL, ESA, NASA

If this is Saturn, where are the rings? When Saturn’s “appendages” disappeared in 1612, Galileo did not understand why. Later that century, it became understood that Saturn‘s unusual protrusions were rings and that when the Earth crosses the ring plane, the edge-on rings will appear to disappear. This is because Saturn’s rings are confined to a plane many times thinner, in proportion, than a razor blade. In modern times, the robot Cassini spacecraft orbiting Saturn now also crosses Saturn’s ring plane. A series of plane crossing images from 2005 February was dug out of the vast online Cassini raw image archive by interested Spanish amateur Fernando Garcia Navarro. Pictured above, digitally cropped and set in representative colors, is the striking result. Saturn’s thin ring plane appears in blue, bands and clouds in Saturn’s upper atmosphere appear in gold. Since Saturn just passed its equinox, today the ring plane is pointed close to the Sun and the rings could not cast the high dark shadows seen across the top of this image, taken back in 2005. Moons appear as bumps in the rings.


Write a comment

Comments:

  1. The Gaucho on February 16th, 2010 at 14:23:

    Incredibly cool!

Cartoons

Posted on February 16th, 2010 at 9:37 by John Sinteur in category: Cartoon


Write a comment

Reboot Scheduler

Posted on February 16th, 2010 at 9:24 by John Sinteur in category: ¿ʞɔnɟ ǝɥʇ ʇɐɥʍ, Software

Whine about Apple about closed systems and lack of multitasking all you want, but at least there’s no need for an app like this.


Write a comment

Comments:

  1. Jim on February 16th, 2010 at 15:03:

    No need? As in: never has memory leaks, crashing programs or freezes? Hmm, Google seems to disagree, but then again, Google may be biased too ;)
    http://www.macworld.com/article/133078/2008/04/tco_iphone_freeze.html
    I suppose iPhone users are more forgiving to start with. The closed system helps in minimizing crashes, but as an effect, it also seriously lacks functionality. What we want is both, so with MS we marvel at all the possibilities the system has, and whine about the bugs and crashes and poor UI, and with Apple we marvel at the UI and design, and whine about the closed system and lack of functions.

  2. JimM on February 16th, 2010 at 22:26:

    It’s hard not to argue with you, John. The existence of this app for WebOS doesn’t imply that it’s necessary, nor that some folks wouldn’t find it useful on their iPhone.

    Clearly the memory leaks in WebOS are more visible than on the iPhone due to multitasking, apps able to run in the background, etc, but that’s not to say that the iPhone isn’t without its own issues. AFAIK, the only app on the iPhone that runs in the background is the browser, and the memory leaks in that certainly caused issues. An anti-Apple critic might argue that the iPhone doesn’t multitask because Apple can’t get it right (even on MacOS – closing windows doesn’t close the app). I personally recognize that it is a design choice, but I won’t be surprised if Apple eventually caves into pressure to add multitasking, especially on the iPad.

    To add to the other Jim’s point, there’s an argument that folks who are most in need of occasional reboots are the ones who have installed homebrew apps – such as the homebrew app you mention here. On WebOS, this is a simple process which doesn’t compromise your system security, and Palm doesn’t deliberately re-lock your phone with every update. It allows “enthusiasts” to push their phones to limits beyond the stock apps and system, with less risk on WebOS than similar operations on the iPhone. Apple’s design feels like they’re only addressing a single user persona who, fortunately for Apple, loves the product as-is.

    In the worst case, I’m not familiar enough with the iPhone to know what happens if you have to do a factory reset. On WebOS, a factory reset restores all prefs and apps. There are of course arguments for and against this, but to me it means that if I hack my own phone too much, I can restore it without fear of having to start all over.

    To be fair, Palm had plenty of time to learn from Apple’s innovations and mistakes, and they made something that I personally feel is a better product. I’m not whining about the iPhone – instead I’m helping Apple innovate by buying something else.

    Now, to argue with the other Jim – Windows Mobile, are you crazy? I couldn’t stand the sketchy multitasking in 6.1, hoping that my other app wouldn’t close itself while I was hopping over to read email. Listening to podcasts was at best a crap shoot, hoping that my podcatcher wouldn’t close itself while Media Player loaded. No issues like that with my Palm Pre.

    (And here come the Blackberry and Android fans…)

  3. John Sinteur on February 16th, 2010 at 22:44:

    You make a lot of good points, so I’m going to limit myself to a few corrections.

    AFAIK, the only app on the iPhone that runs in the background is the browser, and the memory leaks in that certainly caused issues.

    One word: mail. allright, a few more words: push notification service, location service, and a few others – the iPhone is running a lot of different processes at the same time, they just happen to be non-app related processes

    there’s an argument that folks who are most in need of occasional reboots are the ones who have installed homebrew apps

    As a developer – I’ve got *lots* of home-brew stuff on my iPhone. Literally brewing it in my home for a lot of them. I don’t need reboots any more than a regular user: hardly ever. Could be that I’m a great developer, of course, but it says something more about the robustness of the OS than it says about me.

    closing windows doesn’t close the app

    That has nothing, and I do mean nothing to do with multitasking. The iPhone OS is a unix variant, perfectly capable of multitasking up the wazoo. It’s a deliberate choice to not allow it to apps.

    happens if you have to do a factory reset

    On the iPhone, you get an utterly clean phone you need to refill with a backup of your data via iTunes.

  4. John Sinteur on February 16th, 2010 at 22:48:

    Oh, and let me show you a crash-dump from one of my own applications during development, cutting out a lot of irrelevant detail, and let’s see if you can spot the multitasking:

    Incident Identifier: CE9D9F8B-9D3A-480E-8CCE-818100395524
CrashReporter Key:   a73094962c416501fe86be41a4f5ebbf67fc01d3
Process:         Smiley Ping! [118]
Path:            /var/mobile/Applications/AFE3F799-EE06-4C6D-995E-AEF1C92F8B93/Smiley Ping!.app/Smiley Ping!
Identifier:      Smiley Ping!
Version:         ??? (???)
Code Type:       ARM (Native)
Parent Process:  launchd [1]

Date/Time:       2010-01-12 09:27:06.068 +0100
OS Version:      iPhone OS 3.1.2 (7D11)
Report Version:  104

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x00000000, 0x00000000
Crashed Thread:  0

Thread 0 Crashed:
0   libSystem.B.dylib             	0x00090b5c __kill + 8
1   libSystem.B.dylib             	0x00090b4a kill + 4
2   libSystem.B.dylib             	0x00090b3e raise + 10
3   libSystem.B.dylib             	0x000a7e64 abort + 36
4   libstdc++.6.dylib             	0x00066390 __gnu_cxx::__verbose_terminate_handler() + 588
5   libobjc.A.dylib               	0x00008898 _objc_terminate + 160
6   libstdc++.6.dylib             	0x00063a84 __cxxabiv1::__terminate(void (*)()) + 76
7   libstdc++.6.dylib             	0x00063afc std::terminate() + 16
8   libstdc++.6.dylib             	0x00063c24 __cxa_throw + 100
9   libobjc.A.dylib               	0x00006e54 objc_exception_throw + 104
10  Foundation                    	0x0000202a __NSThreadPerformPerform + 574
11  CoreFoundation                	0x000573a0 CFRunLoopRunSpecific + 1908
12  CoreFoundation                	0x00056c18 CFRunLoopRunInMode + 44
13  GraphicsServices              	0x0000436c GSEventRunModal + 188
14  UIKit                         	0x00003c28 -[UIApplication _run] + 552
15  UIKit                         	0x00002228 UIApplicationMain + 960
16  Smiley Ping!                  	0x00002946 main (main.m:13)
17  Smiley Ping!                  	0x000028bc start + 44

Thread 1:
0   libSystem.B.dylib             	0x000014b8 mach_msg_trap + 20
1   libSystem.B.dylib             	0x00004094 mach_msg + 60
2   CoreFoundation                	0x00057002 CFRunLoopRunSpecific + 982
3   CoreFoundation                	0x00056c18 CFRunLoopRunInMode + 44
4   WebCore                       	0x000846f0 RunWebThread(void*) + 412
5   libSystem.B.dylib             	0x0002b7b0 _pthread_body + 20

Thread 2:
0   libobjc.A.dylib               	0x00004d70 _class_hasCxxStructorsNoSuper + 8
1   libobjc.A.dylib               	0x00005128 object_cxxDestructFromClass + 20
2   libobjc.A.dylib               	0x00008238 objc_destructInstance + 12
3   libobjc.A.dylib               	0x000050fc _internal_object_dispose + 12
4   libobjc.A.dylib               	0x000050e4 object_dispose + 4
5   Foundation                    	0x00048afc NSDeallocateObject + 100
6   Foundation                    	0x00048a8e -[NSObject(NSObject) dealloc] + 2
7   CoreFoundation                	0x00065d9c -[NSInvocation dealloc] + 88
8   CoreFoundation                	0x0003963a -[NSObject release] + 28
9   Foundation                    	0x00047990 NSPopAutoreleasePool + 238
10  Foundation                    	0x0004c15a -[NSAutoreleasePool release] + 10
11  Smiley Ping!                  	0x0001ec1c -[ASIHTTPRequest loadRequest] (ASIHTTPRequest.m:893)
12  Smiley Ping!                  	0x0001c63e -[ASIHTTPRequest main] (ASIHTTPRequest.m:503)
13  Foundation                    	0x00063946 -[NSOperation start] + 338
14  Foundation                    	0x00053ac6 -[NSThread main] + 42
15  Foundation                    	0x00001d0e __NSThread__main__ + 852
16  libSystem.B.dylib             	0x0002b7b0 _pthread_body + 20

Thread 3:
0   libSystem.B.dylib             	0x000014b8 mach_msg_trap + 20
1   libSystem.B.dylib             	0x00004094 mach_msg + 60
2   CoreFoundation                	0x00057002 CFRunLoopRunSpecific + 982
3   CoreFoundation                	0x00056c18 CFRunLoopRunInMode + 44
4   Foundation                    	0x0005a998 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 172
5   Foundation                    	0x00053ac6 -[NSThread main] + 42
6   Foundation                    	0x00001d0e __NSThread__main__ + 852
7   libSystem.B.dylib             	0x0002b7b0 _pthread_body + 20

Thread 4:
0   libSystem.B.dylib             	0x000262f0 select$DARWIN_EXTSN + 20
1   CoreFoundation                	0x000207e2 __CFSocketManager + 342
2   libSystem.B.dylib             	0x0002b7b0 _pthread_body + 20

Thread 0 crashed with ARM Thread State:
    r0: 0x00000000    r1: 0x00000000      r2: 0x00000001      r3: 0x383443cc
    r4: 0x00000006    r5: 0x001df71c      r6: 0x2ffff2a4      r7: 0x2ffff2b4
    r8: 0x3841bcac    r9: 0x0000000a     r10: 0x00000001     r11: 0x00107fd0
    ip: 0x00000025    sp: 0x2ffff2b4      lr: 0x327bdb51      pc: 0x327bdb5c
  cpsr: 0x000f0010

Binary Images:
    0x1000 -    0x4cfff +Smiley Ping! armv6  <1b535e8f6b22c0d92037901e17f5d36f> 
/var/mobile/Applications/AFE3F799-EE06-4C6D-995E-AEF1C92F8B93/Smiley Ping!.app/Smiley Ping!
  5. JimM on February 17th, 2010 at 3:08:

    John, thanks for the response and the extra info. I think we agree that the BSD-based iPhone OS is technically capable of multitasking. My point is more that Apple chooses not to expose that to the user, and, where they’ve chosen to implement it, it has caused problems, if not outright user confusion.

    Closing the browser on the iPhone, in the user’s mental model, closes the app. Closing the window for an app on MacOS, in the user’s mental model, closes the app. Neither of these is technically true, and Bad Things can happen as a result. It’s a cheap shot for me to take – well, really, two cheap shots – as the iPhone browser issue was widely publicized, and the app-with-no-windows issue has long caused user confusion for those not familiar with MacOS. (I had to support Mac users on system 7, in the days when memory wasn’t cheap and plentiful, and frequently had to remind them to File->Quit apps they weren’t using to free up memory so they could play Bolo.)

    The iPhone does lots of things well. It kicked the phone industry into a new paradigm the same way the original Mac did to the PC industry. It sounds like they’ve done great things with memory management. However, to dismiss a request for user-facing multitasking as whining displays the same arrogance that has led them to keep user-confusing behavior as a core part of their desktop OS for the past 20 years. Where Apple is superior, the Apple smugness can be overlooked. Where Apple only _thinks_ they’re superior, it makes “the rest of us” cringe.

    I hope I haven’t offended you – your blog continually offers one of the best (IMHO) cross-sections of world events in terms of politics, humor, technology, and other fun things like game theory. You also debate well. However, you diss my boy WebOS, and it’s on! ;-)

    MVG,
    -JimM

  6. John Sinteur on February 17th, 2010 at 6:22:

    I hope I haven’t offended you

    Nope, no worries.

    the app-with-no-windows issue has long caused user confusion for those not familiar with MacOS

    Oh, absolutely, but that’s really a user-interface problem, and not multi-tasking.

    However, to dismiss a request for user-facing multitasking as whining

    I usually group all the iPhone complaints when I talk about whining. Talking about a request for user-facing multitasking specifically can be whining if all you do is “but I want multitasking whaaaaa!”. It’s not whining if you say something like “I want multitasking because I need it for X, Y or Z”. And as you said, the OS does multitasking fine, it’s just user-facing multitasking people miss. So all you need is a good multi-touch interface for it – can you think of one? Make sure you don’t make the same “app-without-a-window” mistake that the desktop Mac OS does… Bonus points if you keep the information resolution correct.

  7. JimM on February 17th, 2010 at 8:35:

    It’s all about the user experience – the arguments over multitasking (co-op or pre-emp, processes or threads) have been settled technically.

    Information resolution – sounds like a really cool concept, I’ll ask our UX specialist at work for more info.

    Regarding multitasking, I don’t have a specific set of use cases, but I feel like I use it all the time on my phone. Play a game, get notification of email, go read it, open a browser link, open another card from that one, then close them all down and go back to my game. I only interact with a single app at once – but I can switch between them with a swipe or 2. How is that different from the iPhone? Does every app auto-park itself, or do some of them “start over”? Is there at least a place where the most recent apps are listed?

    Perhaps there’s a question of definition – if I have several apps open, such that I can easily switch between them, but only view / interact with 1 at a time – does that constitute multitasking? It’s comparable to tabs – see 1 at a time. Or does multitasking require multiple different apps to be displayed at once? Do widgets count? I have yet to see widgets that don’t reduce the UI to busy noise.

    I think the Palm Pre has the best overall phone UI I’ve seen – but I haven’t extensively used the iPhone. Let me know if you want to trade for a week.

  8. Jim on February 17th, 2010 at 11:12:

    An interesting read from both of you. To add one point to the multitasking discussion here, John, you said:
    [i]I don’t need reboots any more than a regular user: hardly ever. Could be that I’m a great developer, of course, but it says something more about the robustness of the OS than it says about me.[/i]
    I think it has nothing to do with the robustness of the apps or the OS, it tells me more about how you use the device. Here’s me: I turn on the audio player or web radio streamer, which connects to my A2DP bluetooth carkit – it plays either MP3′s or web radio on my car stereo. Then I switch to iGO8, enabling navigation whilst the music continues. I could have iGO chat through the music, but I prefer to keep that turned off.
    When I take the train, I open my calendar app (pocket informant, easily the best there is imo) and check my appointments. At the same time Opera is loading webpages, and I can type an SMS, switching instantly between these apps. I can use the time spent waiting for the webpage to load (however short that may be) to mail, sms, update my appointments, read/edit word documents or play games.
    I have no idea if this can be done on an iPhone too, but afaik that is going to be tricky.
    @JimM: it’s like I said: Windows Mobile is a little shaky and it’s UI is seriously lacking. But you can do almost anything you like with it. It’s true it can be a pain to get it stable and set up just right – but when you do, I believe it’s the most versatile system available.

  9. Roland Hesz on February 17th, 2010 at 11:49:

    Actually John, my friend would have loved to have an app like that when his iPhone froze and he had to wait half a day without a phone until he could get to computer with iTunes on it.

  10. John Sinteur on February 17th, 2010 at 11:53:

    hold the home button and the power button both for 10 seconds, and your iPhone will reboot. No app required,

  11. John Sinteur on February 17th, 2010 at 12:11:

    when I get into my car, the phone auto-connects with my car radio via bluetooth, and I can use the iPod app to start playing my music. I then start up tomtom for my route – if I get a call along the way, my car radio is also a hands-free kit. After the call I get back to tomtom automatically. Of course I use email and calendar extensively, and I get a lot of pings from friends. Sounds not too different from your usage.

  12. Roland Hesz on February 18th, 2010 at 9:04:

    With all due respect John, I personally held if for him about 1 minute just out of curiousity :)
    The apple was still grinning. :)

  13. Cameron Ring on February 20th, 2010 at 19:34:

    I’m curious, what was the cause of the crash in Smiley Ping!?

  14. John Sinteur on February 20th, 2010 at 19:45:

    The one I’m showing the dump for? I don’t quite remember, I think this one was an error in one of the nib files.. Usually I don’t look at the crash dumps, but I just catch the error in the debugger during development, so linking one particular crash dump to a particular debugging session isn’t easy looking at it weeks later.

Adobe sabotaging the HTML5-spec via W3C politics?

Posted on February 16th, 2010 at 9:17 by John Sinteur in category: Software

[Larry Masinter, from Adobe:]

No part of HTML5 is, or was ever, “blocked” in the W3C HTML Working Group — not HTML5, not Canvas 2D Graphics, not Microdata, not Video — not by me, not by Adobe.

Neither Adobe nor I oppose, are fighting, are trying to stop, slow down, hinder, oppose, or harm HTML5, Canvas 2D Graphics, Microdata, video in HTML, or any of the other significant features in HTML5.

Claims otherwise are false. Any other disclaimers needed?

So, let’s go and check the minutes:

[Quote:]

Here’s another one (from http://www.w3.org/2010/02/11-html-wg-minutes.html#item07 , the official minutes from the February 11th teleconference of the W3C HTML Working Group):

“”"
masinter: do I need to repeat objections?
paulc: the co-chairs are aware of the formal objection
rubys: it would be helpful to repeat the objection
paulc: it would be helpful to people who aren’t reading w3-archive email

plh: we won’t approve the FPWDs until the FO is resolved
masinter: sure, i’ll forward my comment on scope
paulc: plh and larry, can you post the FO on the public-html list and the affects on the plans?
(plh and larry each agree)
“”"

For those of you playing along at home, “masinter” is Adobe’s official representative on the W3C HTML Working Group; “paulc” and “rubys” are the co-chairs of the W3C HTML Working Group; “plh” works for the W3C; “w3-archive” is a members-only mailing list in the W3C that is not only not viewable by the public, it is not viewable by the hundreds of non-W3C-members who have been invited to the W3C HTML Working Group.

Oh, and “Simon St. Laurent” is apparently some guy with a blog who enjoys cherry-picking quotes from a bunch of other blogs that fit his preconceptions. But don’t let that stop you from reading the primary sources for yourself, where you will clearly see that on February 11th, the co-chairs of the W3C HTML Working Group were trying to convince Adobe’s official representative to make public the Formal Objection that he had previously only made on a members-only mailing list, a Formal Objection which the W3C representative said would have to be resolved before the W3C would agree to publish the W3C HTML Working Group’s working drafts.

Looks like a block to me. But since Adobe claims “not so!”, Ian Hickson calls their bluff:

[Quote:]

Since I was mistaken about the formal objection, should I prepare the drafts for FPWD publication now? What date should I use?


Write a comment

Wi-Fi Turns Arizona Bus Ride Into a Rolling Study Hall

Posted on February 16th, 2010 at 9:08 by John Sinteur in category: News

[Quote:]

Students endure hundreds of hours on yellow buses each year getting to and from school in this desert exurb of Tucson, and stir-crazy teenagers break the monotony by teasing, texting, flirting, shouting, climbing (over seats) and sometimes punching (seats or seatmates).

But on this chilly morning, as bus No. 92 rolls down a mountain highway just before dawn, high school students are quiet, typing on laptops.

Morning routines have been like this since the fall, when school officials mounted a mobile Internet router to bus No. 92’s sheet-metal frame, enabling students to surf the Web. The students call it the Internet Bus, and what began as a high-tech experiment has had an old-fashioned — and unexpected — result. Wi-Fi access has transformed what was often a boisterous bus ride into a rolling study hall, and behavioral problems have virtually disappeared.


Write a comment

Comments:

  1. Mauro on February 17th, 2010 at 19:00:

    So completely unexpected! You mean that people who are bored without the internet will be less bored when presented with an opportunity to play around on the internet? Crazy!

    But seriously, excellent call on the school officials’ part. There must be a thinking person there.

The 70′s were awesome!

Posted on February 16th, 2010 at 9:06 by John Sinteur in category: Funny!


Write a comment

Comments:

  1. Jan-Mark on February 16th, 2010 at 9:57:

    Yea, people were less obese in those days…

  2. Michael on February 16th, 2010 at 21:06:

    Yo! to the bro with the ‘fro!