Archive for the ‘security’
There is a new social engineering attack that utilizes the /Launch capability in Acrobat Reader. It is currently being exploited by a particularly nasty trojan named Zeus. It is simple to protect yourself from this exploit some please disable /launch by following the instructions at http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html.
For more on Zeus, see this Wikipedia article.
As always; keep your software updated, use anti-malware detection software, use a well-configured firewall when accessing public Internet access point, and use common sense to recognize phishing attempts.
Adobe’s products have received recent scrutiny from the security community. In fact, many have suggested that their products will be the main target for malware in 2010. Why? Well Adobe’s Acrobat Reader and Shockwave are very widely distributed and many vulnerabilities are being discovered which often remain unpatched for a while. Adobe has some improving to do.
In the meantime, you can protect yourself somewhat and still use Acrobat Reader. These steps do not guarantee your safety but do reduce your risk profile.
A very good summary of information from SANS Institute.
The Ten Dumbest Things People Do to Mess Up Their Computers
- Plug into the Wall without Surge Protection
- Surf the Internet without a Hardware Firewall and a Software Firewall
- Turn off the Antivirus Because It Slows Down Your System
- Install and Uninstall Lots of Programs, Especially Freeware
- Keep Your Hard Drive Full and Fragmented
- Open All Email Attachments
- Click on Everything
- Believe that Macs Don’t Get Viruses
- Use Easy, Quick passwords
- Don’t Bother with Backups
Now I’m certain that somebody will deliver a comedic version of this list but the ten items listed here are things to make certain YOU do not do.
View the latest OUCH report from SANS. This security awareness report helps general computer users protect their computers and more importantly their information.
It has been some time since I distributed the last report. The information contained herein is still relevant for all users.