EFF has released an interesting study they have completed on the effectiveness of browser fingerprinting. What they found was that the great majority of browsers are easily and uniquely fingerprinted. In fact, “We identifieded only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone.”
There is a new social engineering attack that utilizes the /Launch capability in Acrobat Reader. It is currently being exploited by a particularly nasty trojan named Zeus. It is simple to protect yourself from this exploit some please disable /launch by following the instructions at http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html.
For more on Zeus, see this Wikipedia article.
As always; keep your software updated, use anti-malware detection software, use a well-configured firewall when accessing public Internet access point, and use common sense to recognize phishing attempts.
Adobe’s products have received recent scrutiny from the security community. In fact, many have suggested that their products will be the main target for malware in 2010. Why? Well Adobe’s Acrobat Reader and Shockwave are very widely distributed and many vulnerabilities are being discovered which often remain unpatched for a while. Adobe has some improving to do.
In the meantime, you can protect yourself somewhat and still use Acrobat Reader. These steps do not guarantee your safety but do reduce your risk profile.
A very good summary of information from SANS Institute.
Now I’m certain that somebody will deliver a comedic version of this list but the ten items listed here are things to make certain YOU do not do.
View the latest OUCH report from SANS. This security awareness report helps general computer users protect their computers and more importantly their information.
It has been some time since I distributed the last report. The information contained herein is still relevant for all users.
